Snort mailing list archives
Microsoft "solves" hacking mystery (Was RE: WIN2K IRC Trojan)
From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Tue, 10 Sep 2002 13:49:19 -0400
...makes you wonder if the experts at Microsoft PSS can even spell "security"....;-)
From news.com (cnet):

"Microsoft has determined that these attacks do not appear to exploit any new product-related security vulnerabilities and do not appear to be viral or worm-like in nature," the software giant stated in an advisory posted late Friday. "Instead, the attacks seek to take advantage of situations where (proper) precautions have not been taken."

http://news.com.com/2100-1001-957159.html?tag=fd_top

- Jeff
-----Original Message-----
From: Matt Yackley [mailto:Matt.Yackley () perkinswill com]
Sent: Friday, September 06, 2002 4:39 PM
To: 'Mike Shaw'; 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] WIN2K IRC Trojan

Still trying to find out myself, this article from Wired seems to have the most actual info I have seen yet, but it's not much....
http://www.wired.com/news/technology/0,1282,54942,00.html

Also the information in the article is more of what the trojans do, but so far I haven't seen any info on how the trojans get planted in the first place..... I'm guessing that someone is taking advantage of CR/Nimda/SQLSnake infected machines to get in and plant this updated IRC backdoor... Well that's my theory anyway :)

Matt

-----Original Message-----
From: Mike Shaw [mailto:mshaw () wwisp com]
Sent: Friday, September 06, 2002 3:14 PM
To: Ian Macdonald; F.M. Taylor; snort-users () lists sourceforge net
Subject: Re: [Snort-users] WIN2K IRC Trojan

What are the details on the trojan? I may have a copy on the way.

-Mike

At 03:53 PM 9/6/2002 -0400, Ian Macdonald wrote:

If anyone has any details on how this works please send them to the snort-sigs mailing list so we can write some sigs.

Ian

----- Original Message -----
From: "F.M. Taylor" <root () uranium indstate edu>
To: <snort-users () lists sourceforge net>
Sent: Friday, September 06, 2002 3:11 PM
Subject: [Snort-users] WIN2K IRC Trojan

Dudez, wtf is up with this trojan/hack/bot/win2k exploit that seems to be spreading itself fairly rapidly. Is there a sig for this yet? Does anyone even know how this thing is being spread??

--
Mike Taylor
Coordinator of Systems Administration and Network Security
Indiana State University.
Rankin Hall Rm 053
210 N 7th St.
Terre Haute, IN.
SANS GSEC http://www.sans.org/

-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Microsoft "solves" hacking mystery (Was RE: WIN2K IRC Trojan) Wirth, Jeff (Sep 10)