[unisog] Re: Possible new virus running
michael.holstein at csuohio.edu
Wed Feb 2 14:38:47 GMT 2005
Peter Van Epp wrote:
> Still don't know what it is (several AV programs find nothing but the
> machine is still infected), but it is calling home to port 30591 on a variety
> of hosts (many of them apparantly web hosting sites such as theplanet.com)
> after which they start scanning for port 445 according to argus.
Haven't seen it here yet (just checked) ... but if anyone has dumps of
the controller traffic (eg: -s 1500 port 30591) please make it available.
More information about the unisog