Educause Security Discussion mailing list archives
bestfriends.scr/*Bot
From: Mark Wilson <wilsodm () AUBURN EDU>
Date: Tue, 8 Feb 2005 11:15:05 -0600
Be on the lookout for this one as we continue to see this. There is a bleeding edge snort rule for bestfriends.scr. If you notice traffic going to 209.152.177.208, you probably have infected hosts on your network. This malware spreads via AIM (embedded URL in away message) and drops AgoBot/GoaBot/*Bot on the victim's host. There are several strains going around. More info can be found at http://www.jayloden.com/BestFriends.htm Mark Wilson GCIA, CISSP #53153 Network Security Specialist Auburn University (334) 844-9347 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Attachment:
Mark Wilson.vcf
Description:
Current thread:
- bestfriends.scr/*Bot Mark Wilson (Feb 08)
- <Possible follow-ups>
- Re: bestfriends.scr/*Bot Wood, Anne M (wood) (Feb 10)
- Re: bestfriends.scr/*Bot Mark Wilson (Feb 10)
- Re: bestfriends.scr/*Bot Gary Flynn (Feb 10)
- Re: bestfriends.scr/*Bot Jeff Kell (Feb 10)