Security Incidents mailing list archives
Re: mIRC Zombie, port 445
From: Sami Rautiainen <Sami.Rautiainen () F-Secure com>
Date: Wed, 22 Jan 2003 17:15:39 +0200
Hello,

Tino Didriksen <sfo () projectjj dk> wrote at 19 Jan 2003 02:03:38 -0000:
> I have observed a zombie/trojan on a zombie IRC network that apparently infects vulnerable computers through port 445.

The backdoor uses Sysinternals' psexec tool to run itself in the destination host. The connection is attempted several times, with a predefined list of username and password combinations.

Further information is available in our description at:
http://www.f-secure.com/v-descs/novabot.shtml

F-Secure Anti-Virus detects the backdoor with the current updates.

Regards,
Sami

--
Sami Rautiainen
F-Secure Corporation
Senior Virus Researcher
Anti-Virus Research Team
tel. +358 9 2520 5656
http://www.F-Secure.com
Securing the Mobile, Distributed Enterprise

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
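
A defender-side sketch of the pattern this message describes (several logon attempts from a credential list, then PsExec running on the target), added here as an example; it is not part of the original post or of F-Secure's description. It assumes logs already parsed into dicts using the modern Windows event IDs 4625, 4624 and 7045; the field names, hosts, addresses and thresholds are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the post): simplified dicts using the
# modern Windows event IDs 4625 (failed logon), 4624 (successful logon) and
# 7045 (service installed). PSEXESVC is the service PsExec creates on a target.
EVENTS = [
    {"ts": "2024-01-22T10:00:01", "host": "WS1", "id": 4625, "src": "10.0.0.7"},
    {"ts": "2024-01-22T10:00:03", "host": "WS1", "id": 4625, "src": "10.0.0.7"},
    {"ts": "2024-01-22T10:00:05", "host": "WS1", "id": 4625, "src": "10.0.0.7"},
    {"ts": "2024-01-22T10:00:08", "host": "WS1", "id": 4624, "src": "10.0.0.7"},
    {"ts": "2024-01-22T10:00:40", "host": "WS1", "id": 7045, "service": "PSEXESVC"},
    # Administrator using PsExec normally: no failed logons beforehand.
    {"ts": "2024-01-22T11:00:00", "host": "WS2", "id": 4624, "src": "10.0.0.20"},
    {"ts": "2024-01-22T11:00:02", "host": "WS2", "id": 7045, "service": "PSEXESVC"},
    # Guessing that never succeeds: no logon and no service install follow.
    {"ts": "2024-01-22T12:00:00", "host": "WS3", "id": 4625, "src": "10.0.0.7"},
    {"ts": "2024-01-22T12:00:01", "host": "WS3", "id": 4625, "src": "10.0.0.7"},
    {"ts": "2024-01-22T12:00:02", "host": "WS3", "id": 4625, "src": "10.0.0.7"},
]

def detect(events, min_failures=3, window=timedelta(minutes=5)):
    """Return (host, source, time) for each PSEXESVC install that follows a
    logon which succeeded only after repeated failures from the same source."""
    fails = defaultdict(list)   # (host, src) -> times of failed logons
    guessed = {}                # host -> (src, time of the suspicious success)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(e["ts"])
        host = e["host"]
        if e["id"] == 4625:
            fails[(host, e["src"])].append(t)
        elif e["id"] == 4624:
            recent = [f for f in fails[(host, e["src"])] if t - f <= window]
            if len(recent) >= min_failures:
                guessed[host] = (e["src"], t)
        elif e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC":
            # 7045 carries no source address, so correlate by host and time.
            if host in guessed and t - guessed[host][1] <= window:
                alerts.append((host, guessed[host][0], e["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("password guessing followed by PsExec service:", alert)
```
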