Security Incidents mailing list archives

Re: FW: SANS FLASH: New Trojan Sending Data To Russia

From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 31 Jul 2000 13:30:55 -0400

Appears to be a site scanning for proxy servers that has now been taken
off the net.

http://www.sans.org/y2k/073000.htm
http://www.sans.org/y2k/073100-1030.htm

Ed Padin wrote:

Can anyone shed more light on this?

-----Original Message-----
From: The SANS Institute [mailto:sans () sans org]
Sent: Friday, July 28, 2000 8:35 PM
Subject: SANS FLASH: New Trojan Sending Data To Russia

SANS Flash Report: Trojans Sending More Data To Russia
July 28, 2000, 6:20 pm, EDT

This is preliminary information.  The GIAC (Global Incident
Analysis Center) has received several submissions showing large
amounts of data being sent, illegitimately, from Windows 98
machines to a Russian IP address (194.87.6.X).  The cause is most
probably a Trojan, but whatever it is, it is moving fast.

Current thread:

Re: FW: SANS FLASH: New Trojan Sending Data To Russia Gary Flynn (Aug 01)
- <Possible follow-ups>
- Re: FW: SANS FLASH: New Trojan Sending Data To Russia Yury Bokhoncovich (Aug 01)
  - Re: FW: SANS FLASH: New Trojan Sending Data To Russia Pierre Vandevenne (Aug 02)
    - Re: FW: SANS FLASH: New Trojan Sending Data To Russia Greg A. Woods (Aug 03)
- Re: FW: SANS FLASH: New Trojan Sending Data To Russia Vitaly Osipov (Aug 01)