[Dshield] Continued Sighting of Download.Ject
jeff-kell at utc.edu
Mon Jun 28 20:10:32 GMT 2004
OK, the source host of the malware has been taken offline, but I'm still
getting hits on my router egress blocking connection attempts to the
site, so it appears there are still infected servers out there. But...
download the main payload but fails, does it leave anything dangerous on
the client? Is the "bootstrap" malicious, or does it go away? Is there
something we need to look for on the clients triggering the block?
Just being paranoid...
More information about the list