Educause Security Discussion mailing list archives
Re: Trojans
From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Thu, 30 Oct 2003 16:14:42 -0500
Phil, Chances are what you're seeing is W32.Randex.[n]. It spreads via blank/weak SMB passwords, and then connects to an IRC server to provide an attacker with remote control of the compromised host. See http://www.symantec.com/avcenter/venc/data/w32.randex.s.html for details. --Brian On Thu, 30 Oct 2003, Phillip Cowell wrote:
Hi all, Has anyone seen an increase in the number of machines infected with Trojans? We're seeing more infections flooding out of port 6667 to various IRC sites. Phil Cowell ISO Ithaca College ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Trojans Phillip Cowell (Oct 30)
- <Possible follow-ups>
- Re: Trojans Brian Reilly (Oct 30)
- Re: Trojans Dick Jacobson (Oct 31)