Re: The victims of RPC Trojan Gimmiv were XP boxes in Asia

["Alex Eckelberry" <AlexE () sunbelt-software com>]

> There is one machine registered to Microsoft IP too.

Almost certainly a test system (at least, one hopes).

 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Juha-Matti Laurio
Sent: Friday, October 31, 2008 8:23 AM
To: funsec () linuxbox org
Subject: [funsec] The victims of RPC Trojan Gimmiv were XP boxes in Asia

A list of hundreds Windows machines has been released by 0x000000.com
recently.
The list entitled RPC Worm Victim List states that the victim machines
are mainly Windows XP machines (i.e. MSIE 6.0 or MSIE7.0; Windows NT 5.1
in browser's user agent).

I made a script yesterday to generate WHOIS queries and the results say
that the victim machines are located mainly in Asian area.

There is one machine registered to Microsoft IP too.

Link to my newest SecuriTeam blog entry below:
http://blogs.securiteam.com/index.php/archives/1154

Juha-Matti

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.