RE: Backdoor.coreflood infection

[<b9 () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Recently there have been several systems here that were infected by this
backdoor. Our anti-virus software blocked any damage however, I'm also
unsure how it got in.

- -----Original Message-----
From: Reid Forrest [mailto:reidfo () yahoo com]
Sent: Thursday, September 04, 2003 2:05 PM
To: incidents () securityfocus com
Subject: Backdoor.coreflood infection

We've had three machines across multiple sites come up
with the backdoor.coreflood trojan today. NAV caught
them all, but I'm wondering how it got in. We block
.exe attachments.

It's my understanding that this thing doesn't
propagate itself. One instance I can understand, but
three seemingly unrelated infections are puzzling.

Is anyone else seeing this, or have any ideas?

Reid

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj9gaeQACgkQp0G6PzWyWD/MaACgtFzY00EHM+UNtCFC6U6LOggm0e4A
nRin9MViiziFMqxlC6URQyruM76D
=+trY
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html