Educause Security Discussion mailing list archives

Re: Trojans


From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Thu, 30 Oct 2003 16:14:42 -0500

Phil,

Chances are what you're seeing is W32.Randex.[n].  It spreads via
blank/weak SMB passwords, and then connects to an IRC server to provide an
attacker with remote control of the compromised host.  See
http://www.symantec.com/avcenter/venc/data/w32.randex.s.html for details.

--Brian

On Thu, 30 Oct 2003, Phillip Cowell wrote:

Hi all,
  Has anyone seen an increase in the number of machines infected with
Trojans? We're seeing more infections flooding out of port 6667 to
various IRC sites.
Phil Cowell
ISO
Ithaca College

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
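
Added example, not part of either message above: one way to look in flow records for the behaviour described in the thread (spread over SMB, then outbound connections to IRC on port 6667). The record layout, the 10.0.0.0/8 campus range and the fan-out threshold are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not from the thread): time, source, destination, dest port.
SAMPLE_FLOWS = """\
2003-10-30T15:01:02 10.1.4.23 10.1.4.24 445
2003-10-30T15:01:02 10.1.4.23 10.1.4.25 445
2003-10-30T15:01:03 10.1.4.23 10.1.4.26 445
2003-10-30T15:01:03 10.1.4.23 10.1.4.27 139
2003-10-30T15:01:04 10.1.4.23 10.1.4.28 445
2003-10-30T15:01:04 10.1.4.23 10.1.4.29 445
2003-10-30T15:02:10 10.1.4.23 198.51.100.7 6667
2003-10-30T15:05:00 10.1.9.80 203.0.113.5 6667
2003-10-30T15:06:00 10.1.7.7 10.1.1.10 445
truncated-line 10.1.7.7
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed campus address range
SMB_PORTS = {139, 445}
IRC_PORT = 6667
SMB_FANOUT = 5  # assumed threshold: distinct SMB peers that counts as scanning


def suspect_hosts(flow_text, smb_fanout=SMB_FANOUT):
    """Return internal hosts talking to outside IRC servers, with their SMB fan-out."""
    smb_peers = defaultdict(set)    # source -> distinct SMB destinations
    irc_servers = defaultdict(set)  # source -> distinct external IRC destinations
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        _, src, dst, dport = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if src_ip not in INTERNAL:
            continue  # only campus hosts are of interest as sources
        if port in SMB_PORTS:
            smb_peers[src].add(dst)
        elif port == IRC_PORT and dst_ip not in INTERNAL:
            irc_servers[src].add(dst)
    return {
        host: {"irc_servers": sorted(servers),
               "smb_peers": len(smb_peers[host]),
               "likely_worm": len(smb_peers[host]) >= smb_fanout}
        for host, servers in irc_servers.items()
    }
```

A host with IRC traffic alone may simply be running an IRC client; the SMB fan-out is what separates it from a host that is also spreading.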

