Security Incidents mailing list archives
Re: Worm1800.exe on UnderNet?
From: <bonk () webchat chatsystems com>
Date: Thu, 20 Jun 2002 18:12:08 -0500 (CDT)
On Thu, 20 Jun 2002, Kelly Brown wrote:
Did you look at the website. They straight out say...
If anyone has any questions about ongoing on Undernet, especially when it comes to trojan & virus removal, Grr8ful (grr8ful () undernet org) and puppet (puppet () dynamsol com) can certainly answer any questions you may have. These two along with several others have been at this sort of thing for many years on Undernet.
Kelly Brown Unix System Administrator Ericsson CDMA Systems On Thu, 20 Jun 2002, cw wrote:Hi there folks, Twice in the past hour I have been messaged by two separate people on UnderNet. The message goes: :!Notice!: A Recent Port Scan on your Computer reveals that Port 1800 is in open state. This usually means that you have been infected with an IRC Worm Virus. Please download the cleaner at: http://www.No-Hack.Us/Fixes/Worm1800.exe to remove the virus from your system. If you do not comply with this rule within 30 minutes, our client monitor will ban you from this network. -Thanks For Understanding. UNDERNet Exploit Team The nicks have both been Under-XXX (where XXX is a different set of numbers). For one, I know that port 1800 is not open however the file Worm1800.exe does not show up anything when scanned. Both of the users that messaged me were on pacbell.net adsl The domain no-hack.us was only registered 6 days ago. I don't have the spare time or computer to have a further look into what this file actually does, has anyone come across this yet and know what it does or is anyone willing to investigate? -- O- cw, cw () fidei co uk on 20/06/2002 "Part man, part monkey. Baby that's me" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
================================================= Travis www.cyberabuse.org/crimewatch Email: Bonk () chatsystems com | Bonk () cyberabuse org ================================================= /"\ \ / X ASCII Ribbon Campaign / \ Against HTML Email ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Worm1800.exe on UnderNet? cw (Jun 20)
- Re: Worm1800.exe on UnderNet? Alex Lambert (Jun 20)
- Re: Worm1800.exe on UnderNet? Jean-Luc (Jun 20)
- Re: Worm1800.exe on UnderNet? Ryan Russell (Jun 20)
- Re: Worm1800.exe on UnderNet? Kelly Brown (Jun 20)
- Re: Worm1800.exe on UnderNet? K. Graham (Jun 21)
- Re: Worm1800.exe on UnderNet? bonk (Jun 21)
- FollowUp: Worm1800.exe on UnderNet? cw (Jun 21)
- Re: FollowUp: Worm1800.exe on UnderNet? Ryan Russell (Jun 21)
- <Possible follow-ups>
- RE: Worm1800.exe on UnderNet? Darren Windham (Jun 20)