On Mon, 27 Sep 2004 14:44:58 -0300, Bernardo Santos Wernesback <[EMAIL PROTECTED]> wrote:
> Hi everyone,
>
> Has anyone seen a lot of HTTP activity to a certain site:
> http://www.fotosgratis.pop.com.br ?
>
> One of our clients has several machines making tons of requests for TXT files on
> that server:
>
> botao.txt
> mswinsck.txt
> ita01.txt
> caixa01.txt
> teclado07.txt
> caixa01.txt
> caixa02.txt
> caixa03.txt
> caixa04.txt
> caixa05.txt
>
> Thanks for any info.,
>
> _____________________________________________________
> Bernardo Santos Wernesback
> ESSE,ESS,SCSE,CCNA/DA,
> CCSA,CQS,MCP
> Consultant / ISH Tecnologia
> Phone: +55-27-3334-8900
> Mobile: +55-27-8111-0884
> Email: [EMAIL PROTECTED]
> PGP Fingerprint:
> 6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43 95F5

I should also mention that the file "mswinsck.txt" is found on machines compromised by these two:

W95/[EMAIL PROTECTED]
http://vil.nai.com/vil/content/v_98889.htm

and Helios
http://www.pestpatrol.com/pestinfo/h/helios.asp

Another interesting link I found was this one, but I can't translate it:
http://big5.pconline.com.cn/b5/www.pconline.com.cn/pcedu/soft/virus/da/0409/449519.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html