[Intrusions] Interesting little piece of malware...
don murdoch
djmurd at cox.net
Thu Sep 23 01:01:55 GMT 2004
All -
I have it on firm authority from one of our system engineers
that the BotNet visiting my U. has the ability to enumerate
accounts from the SAM, blast a huge password list against it,
and actually zap a machine w/ the same password as a user name.
There was a "mitigating event" today at work.
We are continuing to take prudent steps to deal, and seeing IRC
traffic on non-standard ports from +1024 ports ... and seeing that
the executable name is changing (randomizing), but the MD5s are the
same (interesting wrinkle, eh)?
Basically - we are being attacked in the traditional way
that an attacker goes about collecting a BotArmy. And we
are stepping up, dealing, etc ... and it is quite an education!!!!
HA!
Also - we are at a < 5% threshold ...
Don "stressed, depressed, and taking names" M.
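
The "randomized name, same MD5" observation in the message above is why a sweep for this kind of bot should key on the file hash rather than the file name. The following is an added example, not part of the original post: it groups a file inventory by MD5 and reports any hash that appears under several different names. The inventory format, host names, paths and file contents are all constructed for illustration.

```python
import hashlib
from collections import defaultdict
from pathlib import PureWindowsPath


def md5_of(data: bytes) -> str:
    """Hex MD5 of a byte string (MD5 because that is what the post compares)."""
    return hashlib.md5(data).hexdigest()


# Constructed stand-ins for file contents; not real samples.
BOT_BYTES = b"constructed stand-in for the bot executable"
TOOL_BYTES = b"constructed stand-in for a benign system tool"

# Constructed inventory: (host, full path, md5) as a collection script might report.
SAMPLE_INVENTORY = [
    ("lab-pc-01", r"C:\WINNT\system32\qwmxk.exe", md5_of(BOT_BYTES)),
    ("lab-pc-02", r"C:\WINNT\system32\zrtplo.exe", md5_of(BOT_BYTES)),
    ("lab-pc-07", r"C:\WINNT\system32\hhvbn.exe", md5_of(BOT_BYTES)),
    ("lab-pc-01", r"C:\WINNT\system32\calc.exe", md5_of(TOOL_BYTES)),
    ("lab-pc-02", r"C:\WINNT\system32\calc.exe", md5_of(TOOL_BYTES)),
]


def renamed_same_hash(inventory, min_names=2):
    """Return {md5: {"names": [...], "hosts": [...]}} for every hash that
    shows up under at least `min_names` distinct file names."""
    names, hosts = defaultdict(set), defaultdict(set)
    for host, path, digest in inventory:
        digest = digest.lower()
        # Compare base names case-insensitively, as Windows does.
        names[digest].add(PureWindowsPath(path).name.lower())
        hosts[digest].add(host)
    return {
        d: {"names": sorted(n), "hosts": sorted(hosts[d])}
        for d, n in names.items()
        if len(n) >= min_names
    }


def sweep(inventory, known_bad_md5):
    """List (host, path) pairs whose hash matches, whatever the file is called."""
    bad = known_bad_md5.lower()
    return sorted((h, p) for h, p, d in inventory if d.lower() == bad)


if __name__ == "__main__":
    for digest, info in renamed_same_hash(SAMPLE_INVENTORY).items():
        print(digest, info["names"], info["hosts"])
```

A file that keeps one name on every host (the constructed `calc.exe` here) is not reported; only a hash that keeps changing names is.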