To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
Symantec was the first one I tried on the file; I ran it through several at
www.virustotal.com, where I also left the file for distribution.
Symantec has still not included it in its AV definitions, even though it has
been more than 24 hours since I sent it to them.
McAfee has had the file listed since 5-23-06, so it is the same old story: the
more secure the systems have become, the fewer report to the AV vendors.
I think they need to get a little more aggressive themselves in using honeypots
and so on.
John
IS Analyst
-Original Message-
From: Thomas Raef [mailto:[EMAIL PROTECTED]
Sent: Monday, October 09, 2006 4:06 AM
To: John Holan; botnets@whitestar.linuxbox.org
Subject: Re: [botnets] New Botnet or what
From: John Holan [mailto:[EMAIL PROTECTED]
Sent: Thu 10/5/2006 3:43 PM
To: botnets@whitestar.linuxbox.org
Subject: [botnets] New Botnet or what
Hi
Killed a Trojan on a workstation that was constantly connecting to
66.197.216.149 on port 80.
It uses filenames associated with Backdoor.Haxdoor, but they are not
detected by any AV or anti-spyware software that I have tried.
Unfortunately, I did not trap any of the traffic it generated, only the
logs. And I am still analyzing them.
Any suggestions?
More info
192.168.10.119 Accessed URL
66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)
--
66.197.216.149/Ffgj3dsw/bsrv.php?
lang=ENU
pal=0
bay=0
gold=0
id=
param=16661
socksport=20454
httpport=21219
uptimem=51
uptimeh=62
uid=[5278947655522557439]
wm=0
ver=88(A)
-
John
IS Analyst
What AV did you test with? Just curious.
Thank you.
___
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
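
An added example, not part of the thread or written by any of its participants: a Python parser for the check-in request quoted above, usable for sweeping proxy logs for other hosts sending the same parameter set. It handles both the normal `&`-separated form and a hard-wrapped copy whose separators were lost in pasting or archiving. The names `parse_checkin`, `checkin_indicators` and `FINGERPRINT` are hypothetical, the choice of fingerprint fields is an assumption, and the sample lines are constructed from the log entry in the thread.

```python
import re
from urllib.parse import parse_qsl

# Parameter names, in the order they appear in the check-in URL from the thread.
KEYS = ["lang", "pal", "bay", "gold", "id", "param", "socksport",
        "httpport", "uptimem", "uptimeh", "uid", "wm", "ver"]
# Assumption: seeing all of these names in one request is distinctive enough to flag.
FINGERPRINT = {"socksport", "httpport", "uptimem", "uptimeh", "uid", "ver"}

def parse_checkin(text):
    """Return the query parameters of the URL that ends `text` as a dict."""
    # Mail clients and log viewers hard-wrap long URLs, so drop all whitespace.
    query = re.sub(r"\s+", "", text).partition("?")[2]
    if "&" in query:
        return dict(parse_qsl(query, keep_blank_values=True))
    # No separators left: cut the string at each known "key=" in order.
    hits, pos = [], 0
    for key in KEYS:
        at = query.find(key + "=", pos)
        if at != -1:
            hits.append((key, at))
            pos = at + len(key) + 1
    params = {}
    for i, (key, at) in enumerate(hits):
        end = hits[i + 1][1] if i + 1 < len(hits) else len(query)
        params[key] = query[at + len(key) + 1:end]
    return params

def checkin_indicators(text):
    """Return uid and reported ports if `text` matches the fingerprint, else None."""
    params = parse_checkin(text)
    if not FINGERPRINT.issubset(params):
        return None
    # What the bot uses these ports for is not stated in the thread.
    return {k: params[k] for k in ("uid", "socksport", "httpport", "ver")}

# Constructed sample lines modelled on the proxy log entry quoted in the thread.
CLEAN = ("192.168.10.119 Accessed URL 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU"
         "&pal=0&bay=0&gold=0&id=&param=16661&socksport=20454&httpport=21219"
         "&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)")
STRIPPED = CLEAN.replace("&", "").replace("uid=[5278", "uid=[5278\n")
BENIGN = "192.168.10.119 Accessed URL example.org:/index.php?id=7&lang=ENU"

if __name__ == "__main__":
    for line in (CLEAN, STRIPPED, BENIGN):
        print(checkin_indicators(line))
```

The `uid` value is the field to pivot on when correlating log entries from the same infected host across days, since the source IP may change with DHCP.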