Firewall Wizards mailing list archives
Re: sndvol.exe
From: "Paul M. Cardon" <pmarc () cmg fcnbd com>
Date: Fri, 19 Mar 1999 23:58:35 -0600
You wrote: : Has anyone noticed a Trojan horse called sndvol.exe that replaces the : Win NT/9X sndvol.exe and then does a continuous port scan from inside a : firewall to multiple outside addresses? It created a denial of service : by maxing out the sessions on our Pix. We're trying to locate the : source of the executable. Looks like somebody has been through this already... http://cs.wilpaterson.edu/~scottw/shebang/trojanhorse/ -paul
Current thread:
- sndvol.exe Randy Garbrick (Mar 19)
- Re: sndvol.exe 0x1c (Mar 21)
- Re: sndvol.exe Paul M. Cardon (Mar 22)
- Re: sndvol.exe 0x1c (Mar 23)
- Re: sndvol.exe Paul M. Cardon (Mar 22)
- Re: sndvol.exe Paul M. Cardon (Mar 21)
- Re: sndvol.exe Gordy Thompson (Mar 21)
- <Possible follow-ups>
- Re: sndvol.exe Ryan Russell (Mar 21)
- RE: sndvol.exe Frank W. Keeney (Mar 22)
- Re: sndvol.exe 0x1c (Mar 21)