Security Incidents mailing list archives
undetected DDOS
From: Chris Cahill <chris () coreds net>
Date: 28 Apr 2003 19:30:55 -0000
Pulled an .exe off of a customer's machine this morning. Undetected by NAV, scanmail, or anything else. Customer had "preview pane" on in OE 6.0, and it dropped sysh0st.exe into winnt/system32, installed an entry into HKLM/software/microsoft/windows/currentversion/run. The sysh0st.exe service then watches irc on 65.35.56.26 for commands. Once it activated, it degraded the customer's network beyond use due to the amount of traffic being generated.
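A triage check for the persistence described in this post, added here as an example and not part of the original message: it parses Run-key values and flags executables whose names fall within a small edit distance of a well-known Windows process name after undoing digit-for-letter swaps. The reference name list, the distance threshold, the value names and every sample entry other than the sysh0st.exe path are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed reference list of common Windows process names (not from the post).
KNOWN = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
         "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe")
# Digit-for-letter swaps undone before comparison, e.g. "0" -> "o".
DIGITS = str.maketrans("0135", "oles")

def image_name(command):
    """Return the lower-cased .exe file name from a Run value's command line."""
    m = re.match(r'\s*"?(.+?\.exe)', command, re.IGNORECASE)
    return ntpath.basename(m.group(1)).lower() if m else None

def distance(a, b):
    """Levenshtein edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(entries, max_distance=2):
    """Flag entries whose image name is close to, but not equal to, a known name."""
    hits = []
    for value_name, command in entries:
        name = image_name(command)
        if name is None or name in KNOWN:
            continue  # unparsable, or an exact known name (path checks are out of scope here)
        plain = name.translate(DIGITS)
        closest = min(KNOWN, key=lambda k: distance(plain, k))
        d = distance(plain, closest)
        if d <= max_distance:
            hits.append((value_name, name, closest, d))
    return hits

# Constructed sample of (value name, command) pairs as exported from
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run; value names are hypothetical.
SAMPLE = [
    ("SystemHost", r"C:\WINNT\system32\sysh0st.exe"),
    ("Updater", r'"C:\Program Files\Example\updater.exe" /quiet'),
    ("Shell", r"C:\WINNT\explorer.exe"),
]

if __name__ == "__main__":
    for value_name, name, closest, d in triage(SAMPLE):
        print(f"{value_name}: {name} resembles {closest} (edit distance {d})")
```

A hit is a lead for manual review, not a verdict; short reference names such as smss.exe will produce false positives at this threshold.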