Security Incidents mailing list archives
Re: Re: Increased activity on port 110
From: phishtracker () gmail com
Date: 26 Feb 2007 20:20:33 -0000
Yes, I'm seeing it too, only on our Windows dedicated server farm. It appears to be related to MailEnable (Ensim/Plesk Customers). How they are getting infected I'm not sure yet. Possibly via servers with unpatched MailEnable. "rdriv.sys" gets installed in the "Windows\system32" folder. Systems that got infected were also attempting to connect to x.x.x.x.01032-062.023.175.071.00081: PONG irc.hosted1.net which no longer appears up.
Current thread:
- Increased activity on port 110 joakim . berge (Feb 26)
- Re: Increased activity on port 110 vtlists (Feb 26)
- <Possible follow-ups>
- Re: Re: Increased activity on port 110 phishtracker (Feb 26)
- Re: Increased activity on port 110 joakim . berge (Feb 27)