[Dshield] Continued Sighting of Download.Ject

Jeff Kell jeff-kell at utc.edu
Mon Jun 28 20:10:32 GMT 2004


OK, the source host of the malware has been taken offline, but I'm still 
getting hits on my router egress blocking connection attempts to the 
site, so it appears there are still infected servers out there.  But...

If the "bootstrap" malware javascript makes it to the point of trying to 
download the main payload but fails, does it leave anything dangerous on 
the client?  Is the "bootstrap" malicious, or does it go away?  Is there 
something we need to look for on the clients triggering the block?

Just being paranoid...
Jeff




More information about the list mailing list