Security Incidents mailing list archives

Re: Re: Increased activity on port 110


From: phishtracker () gmail com
Date: 26 Feb 2007 20:20:33 -0000

Yes, I'm seeing it too, only on our Windows dedicated server farm. It appears to be related to MailEnable (Ensim/Plesk 
customers). How they are getting infected I'm not sure yet. Possibly via servers with unpatched MailEnable. "rdriv.sys" 
gets installed in the "Windows\system32" folder.

Systems that got infected were also attempting to connect to x.x.x.x.01032-062.023.175.071.00081: PONG irc.hosted1.net 
which no longer appears to be up.
