[Dshield] Iran Air Flight system infected with deloder??

Darwin darwin at netmadeira.com
Mon Mar 10 18:36:51 GMT 2003


I received this this morning.
Just out of curiosity I tried 81.91.130.101:80 and it led to a site claiming to
be Air Iran Flight System.
If that is indeed part of the Air Iran flight system I can figure the
objective of infecting it with a VNC-like backdoor :)
This sounds like conspiracy theory, but wasn't this worm, or one of its
ancestors, called IraqOil?

03/10-07:05:56.233664  [**] [1:0:1] SCAN microsoft-ds Server attempt [**]
[Classification: Detection of a Network Scan] [Priority: 3] {TCP}
81.91.130.101:2622 -> 213.190.212.9:445

Cheers,

Paulo


