Vulnerability Development mailing list archives
A problem domain hosted by you
From: "scott" <scott () graphictype com>
Date: Thu, 27 Dec 2001 20:57:12 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just found a trojan backdoor virus on my system, and when I hexdumped the file, I found the domain name http://2001-007.com/ referenced in it (about 3/4 of the way down the file)... It looks as if the trojan virus is submitting information to this domain name (but I cannot say with 100% certainty yet, since I have not set up a honeypot machine, infected it, and tcpdumped the network traffic).

I have sent emails to vuln-dev () securityfocus com previously (and Cc'd this email) and posted all relevant information on my website http://furt.com/grokster/ (I have attached the relevant binaries also), along with the two infected binaries (where you can verify for yourself that 2001-007.com is in fact the domain referenced).

I ask for your help and cooperation in verifying whether or not this domain name is collecting user information submitted by the backdoor trojan that infected me, or in fact, finding any information about the website or its owner (as the phone number given in the Whois information is not correct; a person claiming to NOT be John Casey answered the telephone and said that he had never heard of John Casey).

I thank you for your time.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPCvRc8aXTGgZdrSUEQLx/wCfVacXBNbK51tEQx/7iR5gqZHPJTIAoIU+
KXXa9gVsg9PdbrBd8PdLBKK8
=axT7
-----END PGP SIGNATURE-----
Attachment: files.zip