[unisog] phishing attack against email credentials at auckland.ac.nz
r.fulton at auckland.ac.nz
Tue Jun 7 07:25:29 GMT 2005
On Tue, 2005-06-07 at 00:38 -0400, Russell Kaiser wrote:
> Looking at Symantec's website, I see a W32/Mytob.DJ that now matches
> the emails people are seeing and also mentions the 209.67 addresses
> people are seeing:
yes, we got updates from Symantec about 2 hours after the event.
> Note that the virus description also mentions an IRC controller
> (irc.blackcarder.net port 7000).
We had machines trying to connect to two different IRC servers, from my
220.127.116.11 ns32200.ovh.net Possible sdbot floodnet detected attempting to IRC 29
18.104.22.168 serv-2-5-163.lycos-vds.com Possible sdbot floodnet detected attempting to IRC 55
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050607/cea93262/smime-0001.bin
More information about the unisog