To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Has anyone noticed a traffic increase on port UDP/4000 (mainly as src port) in the last 2 days? It seems that the latest spam-run of downloaders (dubbed Spam.DAM or TrojanPeacomm) builds a new p2p botnet which communicates using this port.
Packet dumps or any other info is appreciated. The malicious file is "wincom32.sys" which injects the p2p payload into SERVICES.EXE.

EF
_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
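
Added example (not part of the original post): one way to check flow logs for the pattern the post asks about, internal hosts sending UDP from source port 4000 to many distinct peers. The record format, the sample records, the day labels and the min_peers threshold are all assumptions made for this illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic), assumed format:
#   day  protocol  src_ip:src_port  dst_ip:dst_port
SAMPLE_FLOWS = """\
day-1 udp 10.0.0.5:4000 192.0.2.10:7871
day-2 udp 10.0.0.5:4000 192.0.2.10:7871
day-2 udp 10.0.0.5:4000 192.0.2.10:7871
day-2 udp 10.0.0.5:4000 198.51.100.7:11275
day-2 udp 10.0.0.5:4000 203.0.113.20:4000
day-2 udp 10.0.0.5:4000 203.0.113.21:31337
day-2 tcp 10.0.0.9:4000 192.0.2.1:80
day-2 tcp 10.0.0.9:4000 192.0.2.2:80
day-2 tcp 10.0.0.9:4000 192.0.2.3:80
day-2 udp 10.0.0.7:50000 203.0.113.20:4000
"""

def parse_flow(line):
    """Split one record into (day, proto, src_ip, src_port, dst_ip, dst_port)."""
    day, proto, src, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return day, proto.lower(), src_ip, int(src_port), dst_ip, int(dst_port)

def peers_by_host_and_day(lines, port=4000):
    """Map (day, src_ip) -> distinct peers reached from UDP source port `port`."""
    fanout = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, proto, src_ip, src_port, dst_ip, _ = parse_flow(line)
        # Only UDP with the port on the *source* side counts; TCP flows and
        # flows that merely target port 4000 are ignored.
        if proto == "udp" and src_port == port:
            fanout[(day, src_ip)].add(dst_ip)
    return fanout

def flag_hosts(lines, port=4000, min_peers=3):
    """Return sorted (day, host, peer_count) at or above min_peers (assumed threshold)."""
    fanout = peers_by_host_and_day(lines, port)
    return sorted((d, h, len(p)) for (d, h), p in fanout.items()
                  if len(p) >= min_peers)

if __name__ == "__main__":
    for day, host, count in flag_hosts(SAMPLE_FLOWS.splitlines()):
        print(f"{day}: {host} sent UDP from src port 4000 to {count} distinct peers")
```

A host flagged this way is a candidate for a closer look at the file the post names, "wincom32.sys".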
