[Snort-users] WIN2K IRC Trojan

Matt Yackley Matt.Yackley at ...5858...
Fri Sep 6 13:43:01 EDT 2002


Still trying to find out myself, this article from Wired seems to have the
most actual info I have seen yet, but it's not much....
http://www.wired.com/news/technology/0,1282,54942,00.html

Also the information in the article is more of what the trojans do, but so
far I haven't seen any info on how the trojans get planted in the first
place.....

I'm guessing that someone is taking advantage of CR/Nimda/SQLSnake infected
machines to get in and plant this updated IRC backdoor... Well that's my
theory anyway :)

Matt

-----Original Message-----
From: Mike Shaw [mailto:mshaw at ...3165...]
Sent: Friday, September 06, 2002 3:14 PM
To: Ian Macdonald; F.M. Taylor; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] WIN2K IRC Trojan


What are the details on the trojan?  I may have a copy on the way.

-Mike

At 03:53 PM 9/6/2002 -0400, Ian Macdonald wrote:
>If anyone has any details on how this works please send them to the
>snort-sigs mailing list so we can write some sigs.
>
>Ian
>----- Original Message -----
>From: "F.M. Taylor" <root at ...28...>
>To: <snort-users at lists.sourceforge.net>
>Sent: Friday, September 06, 2002 3:11 PM
>Subject: [Snort-users] WIN2K IRC Trojan
>
>
> >
> > Dudez, wtf is up with this trojan/hack/bot/win2k exploit that seems to be
> > spreading itself fairly rapidly.  Is there a sig for this yet?  Does anyone
> > even know how this thing is being spread??
> >
> >
> > --
> > Mike Taylor
> > Coordinator of Systems Administration and Network Security
> > Indiana State University.               Rankin Hall Rm 053
> > 210 N 7th St.                           Terre Haute, IN.
> > SANS GSEC  http://www.sans.org/
> >
> >
> >
> > -------------------------------------------------------
> > This sf.net email is sponsored by: OSDN - Tired of that same old
> > cell phone?  Get a new here for FREE!
> > https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
>






