Hi All,
I am seeing some network traffic from some Windows hosts trying to
contact random remote hosts on port 445, and these hosts also try to
connect to 212.175.149.149.6667
Is this some kind of an IRC bot/trojan?
Anybody aware of it?
We cannot find anything with the virus scanner.
This virus is very
Can you verify if you have any connections making it out to that
212.175.149.149 address? It appears to be a host located in Turkey.
I may have already pulled the whois info on this host from ripe.net
From looking at the contact info for the host, it looks like possibly a
broadband provider in
Of
Murat Bicer
Sent: Friday, October 22, 2004 3:39 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Full-Disclosure] Virus/Trojan trying to connect
external:445 and 212.175.149.149.6667
Hi All,
I am seeing some network traffic from some Windows hosts trying
to contact random remote hosts
, January 09, 2004 8:47 PM
Subject: [Full-Disclosure] Virus / Trojan
Today found this suspicious file attached to an email, obviously is a virus
(our AV don't detect it :-( ). The virus/trojan is very simple, the
developer only put effort into obfuscating the strings inside the binary.
The executable file
Today found this suspicious file attached to an email, obviously is a virus
(our AV don't detect it :-( ). The virus/trojan is very simple, the
developer only put effort into obfuscating the strings inside the binary.
The executable file tries to connect to gamemaniacs.org and download a file.
This
- Original Message -
From: Otero, Hernan (EDS) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 09, 2004 2:47 PM
Subject: [Full-Disclosure] Virus / Trojan
Today found this suspicious file attached to an email, obviously is a virus
(our AV don't detect it :-( ). The virus
It's the Xombe Trojan/Downloader.
-Original Message-
From: Otero, Hernan (EDS) [mailto:[EMAIL PROTECTED]
Sent: Friday, January 09, 2004 11:48 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Virus / Trojan
Today found this suspicious file attached to an email,
obviously
Otero, Hernan (EDS) wrote:
Today found this suspicious file attached to an email, obviously is a virus
(our AV don't detect it :-( ). The virus/trojan is very simple, the
developer only put effort into obfuscating the strings inside the binary.
The executable file tries to connect to
http://securityresponse.symantec.com/avcenter/venc/data/trojan.xombe.html
Otero, Hernan (EDS) wrote:
Today found this suspicious file attached to an email, obviously is a virus
(our AV don't detect it :-( ). The virus/trojan is very simple, the
developer only put effort into obfuscating the strings
[EMAIL PROTECTED] wrote:
Today found this suspicious file attached to an email,
obviously is a virus
[...]
anyone know what virus/trojan is this?
-H
VIRUS1_DETECTED_AND_REMOVED_winxp_sp1_VIRINFO.TXT
there's something on Symantec's website, page that
was posted on
Otero, Hernan (EDS) [EMAIL PROTECTED] wrote:
Today found this suspicious file attached to an email, obviously is a virus
(our AV don't detect it :-( ). The virus/trojan is very simple, the
developer only put effort into obfuscating the strings inside the binary.
If you suspect it is a virus, why
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
Hello
This trojan:
- From Sophos
Troj/Dloader-L
Aliases
TrojanDownloader.Win32.Xombe
Type Trojan
Description
Troj/Dloader-L is a downloading Trojan that downloads and executes another program
from the internet. At the time of writing this