For those of you that don't follow bind-users closely, this is a bit of troubling news. I'm not surprised that a "bad guy" would masquerade his malware as BIND, but to actually see it documented is sad.
AlanC -------- Original Message -------- Subject: Re: Does bind send email? Date: Fri, 9 Jul 2010 12:18:07 +0100 From: tomasz dereszynski <toma...@paraklet.net> To: Alan Clegg <acl...@isc.org> CC: bind-users@lists.isc.org > On 7/9/2010 4:57 AM, Chiesa Stefano wrote: > >> "27/05/2010 17.06.32 1094 C:\bind\bin\named.exe Protezione >> antivirus standard:Impedisci a worm distribuiti tramite mass-mailing di >> inviare messaggi 93.49.247.253:25" >> >> (translated from italian: Prevent mass mailing worms from sending mail). >> >> What is strange is the blocked process: C:\bind\bin\named.exe (our >> Windows 2003 Bind 9.6.0-P1 installation). >> >> So, does bind send email? > > BIND does not send e-mail. I'd be curious if you have any way of > telling exactly what the trigger was for the "anti-virus" code. > > BTW, as I'm sure someone else will if I don't, please start new threads > by sending a new e-mail to bind-users@ and not by replying to another > already in-progress thread. > > AlanC check below link apparently viruses (some) hide themselves behind that name/process. http://www.file.net/process/named.exe.html mind you, it might be something else ... -- bEsT rEgArDs | "Confidence is what you have before you tomasz dereszynski | understand the problem." -- Woody Allen | Spes confisa Deo | "In theory, theory and practice are much numquam confusa recedit | the same. In practice they are very | different." -- Albert Einstein
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
