Educause Security Discussion mailing list archives
Re: New Virus/Trojan/...?
From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Thu, 7 Oct 2004 09:22:33 -0400
On Thu, 2004-10-07 at 09:05, Jason Brooks wrote:
Wayne, Was the tftp server running from the Quicktimee.exe process or another one? Thanks, Jason -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Wayne J. Hauber Sent: Wednesday, October 06, 2004 11:50 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] New Virus/Trojan/...? At 09:13 AM 10/6/2004, Jason Brooks wrote:We submitted the executable Quicktimee.exe that was doing the port 445scansto McAfee yesterday morning. They responded yesterday afternoonclassifyingit as W32/SDBot.worm. They also issued us an EXTRA.DAT which will becycledinto production DATs soon. Thanks for the suggestions, Jason BrooksI submitted a copy as well. The system I examined also had an ftp server on port 31907 "220 StnyFtpd 0wns j0", running tfpd
It's not tftp, its just ftp. if you manage to download the file and scan it, you will find that it is indeed sdbot or similar. -- -- Justin Azoff -- Network Performance Analyst ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- New Virus/Trojan/...? Jason Brooks (Oct 04)
- <Possible follow-ups>
- Re: New Virus/Trojan/...? James Riden (Oct 04)
- Re: New Virus/Trojan/...? Scott Weeks (Oct 04)
- Re: New Virus/Trojan/...? Jason Brooks (Oct 06)
- Re: New Virus/Trojan/...? Wayne J. Hauber (Oct 06)
- Re: New Virus/Trojan/...? Jason Brooks (Oct 07)
- Re: New Virus/Trojan/...? Justin Azoff (Oct 07)
- Re: New Virus/Trojan/...? Wayne J. Hauber (Oct 07)