To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Do you know the port this is exploiting?
-----Original Message----- From: Alavan [mailto:[EMAIL PROTECTED] Sent: Thursday, September 21, 2006 11:03 PM To: Elia Florio Cc: [email protected] Subject: Re: [botnets] Possible zero-day exploit? To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Thanks Gadi. I hadn't been checking my [botnet] box, so I missed the discussion. My apologies. Lots of good info there. I just found it bizarre that we began getting flooded for about 2 hours and then it tapered off to almost nothing. I wonder what website/e-mail they're all visiting/clicking on that's getting them in trouble.....if I get any info on this, I'll forward it. Tomorrow morning, I'll be cleaning a customer's PC that was infected. I may or may not get further information. The symptoms were IE closing right after opening. Disabling "Enable 3rd party browser extensions" allows IE to run properly. Another post states that disabling Javascripting does the same. We had probably several hundred trends (customer support reps trending their issue with the customer) between 3:30pm and 5:00pm PST and then it started tapering off. Alavan ----- Original Message ----- From: "Elia Florio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 21, 2006 5:49 PM Subject: Re: [botnets] Possible zero-day exploit? > Your symptoms look very similar to the recent VML 0day exploit for IE. > Any sample/page to submit? Any URL to analyze? > > EF > > ----- Original Message ----- > From: "Alavan" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Friday, September 22, 2006 2:22 AM > Subject: [botnets] Possible zero-day exploit? > > >> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >> ---------- >> I work at a Tier 1 ISP (Cox Communications). We are getting slammed with >> customers calling regarding IE closing right after opening (thousands of >> calls). Normally this is virus related. I have to look at a machine to >> see what's going on.... >> >> If anyone hears anything...... >> >> Regards, >> >> Alavan >> _______________________________________________ >> To report a botnet PRIVATELY please email: [EMAIL PROTECTED] >> All list and server information are public and available to law >> enforcement upon request. >> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets >> > > _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
