[unisog] Re: Possible new virus running

Michael Holstein michael.holstein at csuohio.edu
Wed Feb 2 14:38:47 GMT 2005


Peter Van Epp wrote:
> 	Still don't know what it is (several AV programs find nothing but the
> machine is still infected), but it is calling home to port 30591 on a variety
> of hosts (many of them apparantly web hosting sites such as theplanet.com)
> after which they start scanning for port 445 according to argus.

Haven't seen it here yet (just checked) ... but if anyone has dumps of 
the controller traffic (eg: -s 1500 port 30591) please make it available.

~Mike.



More information about the unisog mailing list