Re: New Virus/Trojan/...?

[Jason Brooks <brooksje () LONGWOOD EDU>]

We submitted the executable Quicktimee.exe that was doing the port 445 scans
to McAfee yesterday morning.  They responded yesterday afternoon classifying
it as W32/SDBot.worm.  They also issued us an EXTRA.DAT which will be cycled
into production DATs soon.

Thanks for the suggestions,
Jason Brooks


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Scott Weeks
Sent: Monday, October 04, 2004 5:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] New Virus/Trojan/...?

On Mon, 4 Oct 2004, Jason Brooks wrote:

:  Beginning about 16:45 EDT on Sunday 3 Oct 2004, we began seeing high
levels
:  of port scanning for port 445 from our students.  We have obtained one
:  laptop for analysis.  Here are our findings:
:
:          Process Quicktimee.exe is opening numerous outbound connections
to

<snip>

:  So, with that, does it look familiar to anyone?  McAfee doesn't know it,
and
:  can't turn up anything seemingly related in Google, etc.
:
:  Suggestions/Help?


You might try the Incidents mailinglist at SecurityFocus:

     http://www.securityfocus.com/incidents

scott












x=x=x=x=x=x=x=x=x=x=x=x

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.