Virus.Org Mailing List Archive
Re: Secure.dcom.exe

  • To: [EMAIL PROTECTED]
  • Subject: Re: Secure.dcom.exe
  • From: Harlan Carvey <[EMAIL PROTECTED]>
  • Date: Thu, 7 Aug 2003 04:09:41 -0700 (PDT)
I wanted to move away from the topic of the sniffer,
as it seems to be overdone...

I took a look at the executable.  It doesn't seem to
have any identifying information compiled into it, and
'strings' doesn't reveal anything of interest.  The
exe only depends on two DLLs, and calls only a total
of 4 functions...none of which have to do with
networking.  

Regarding what you're doing to find this malware...the
ftp server and the IRC bot...what tools are you using?
You mentioned netstat, but are you using any tools to
list processes, map processes to open ports, etc?  If
you use those tools that I've listed before, you'll
find most of what you're looking for.

Harlan
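
The process-to-port mapping the message asks about, as an added example that is not part of the original post or the tools its author listed: it joins each TCP listener and established connection to its owning process and notes whether the executable carries a vendor string. It assumes the built-in cmdlets of a current Windows release, and the two ports of interest (21 and 6667) are illustrative values chosen here.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on Windows 8 / Server 2012 or later so every process path is visible.

# Assumption for illustration: conventional FTP control and IRC ports.
$PortsOfInterest = 21, 6667

# Index running processes by PID once, rather than querying per connection.
$procById = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $procById[[int]$_.ProcessId] = $_ }

$report = foreach ($c in Get-NetTCPConnection -State Listen, Established) {
    $p    = $procById[[int]$c.OwningProcess]
    $path = if ($p) { $p.ExecutablePath } else { $null }

    # A binary with no version resource carries no compiled-in identification.
    $company = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    }

    [pscustomobject]@{
        State     = $c.State
        Local     = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
        Remote    = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
        PID       = $c.OwningProcess
        Name      = if ($p) { $p.Name } else { '<exited>' }
        ParentPID = if ($p) { $p.ParentProcessId } else { $null }
        Path      = $path
        Company   = $company
        # Review first: port of interest, or an executable with no vendor string.
        Review    = ($PortsOfInterest -contains $c.LocalPort) -or
                    ($PortsOfInterest -contains $c.RemotePort) -or
                    ($path -and -not $company)
    }
}

$report | Sort-Object -Property @{ Expression = 'Review'; Descending = $true }, PID |
    Format-Table -AutoSize -Wrap
```

Rows with `Review` set are leads to check against the process list, not verdicts; a service moved to a non-standard port will only surface through the missing vendor string or an unexpected path.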