Security Incidents mailing list archives
notepad.exe backdoor
From: Ron Cohen <rony () rony clara net>
Date: Sun, 19 Nov 2000 10:39:02 -0000
Hi can't remember seeing that on the list - so here it is: while trying to insall a game on my kids pc, i noticed a notepad process running as a hidden window. furtur investigation revealed that: o upon startup it trys to connect to 202.106.185.107:25; o listen to about 10 tcp ports from 1024 upward; o propagates itself via sharing; o insatll itself in run with the key satrtIE; o when starting it without any arguments a very similar window to the real notepad pops up , except for the microsoft signutures. o the original notepad is saved as note.com. drop me a line if you want a copy. ------------------ Ron Cohen
Current thread:
- notepad.exe backdoor Ron Cohen (Nov 21)
- <Possible follow-ups>
- Re: notepad.exe backdoor Grunberg, Jeffrey (Nov 22)