[unisog] Anyone recognize what this one is?

Anderson Johnston andy at umbc.edu
Thu Aug 7 16:53:50 GMT 2003


If it's not too much trouble, would you mind posting a short description
of the files your windows worker found (directory, name, size)?

					Thanks,
						- andy

On Thu, 7 Aug 2003, Peter Van Epp wrote:

> 	My windows person doesn't think the files he has match the description
> of this one. He is considering sending it along to one of the antivirus vendors
> as possibly a new one. I sent a heads up to the target of the IRC connection
> and the admin there says he is seeing a fair number of attempts to connect
> to the server which apparently doesn't exist on his site, so it looks to
> perhaps be more than just us. We don't know how this infection happened
> because it's a laptop and we believe it was infected at home on the cable
> network (if it had been here, argus would at least have a record of the
> incoming connections). The network it was on here can't get out to the net
> and the attempt to connect to the IRC server is what got it caught, so I also
> can't tell if it would have connected to the IRC server and no one else from
> here has tried in the last week or so.
>
> Peter Van Epp / Operations and Technical Support
>
>
> On Thu, Aug 07, 2003 at 08:28:53AM -0400, Stephanie Hagopian wrote:
> > It's most likely Backdoor.IRC.Flood.F--it came out a few days ago and
> > comes in through port 6667 and exploits weak passwords via IRC. Check
> > out the Symantec link:
> >
> > http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.f.html
> >
> > --
> > Stephanie Hagopian
> > IT Security Analyst
> > University of North Carolina-Chapel Hill
> > 105 Abernethy Hall
> >
> > mailto:shagopia at unc.edu
> >
> > https://www.unc.edu/security/staff/shagopia
>

------------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
------------------------------------------------------------------------------


