The Backdoor CEB is very old as per Mcafee and the message is that of a
Reptile FTP Server.
What you might be seeing is a variant of the ZOTOB which is right now
installing FTP backdoor servers.
Thanks.
----------------------------------------------
To have known the best, and to have known it for the best, is success in
life.
-----Original Message-----
From: Shiva Palancha [mailto:shivapalancha (at) gmail (dot) com [email concealed]]
Sent: Monday, August 22, 2005 7:36 AM
To: Jack Vizelter
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: New Virus/Worm
Please check this info published on Symantec's website -
On 8/21/05, Jack Vizelter <jack (at) mail.rockefeller (dot) edu [email concealed]> wrote:
> Since about 5pm last night, we've been hit hard, so far about 60
computers,
> mostly running Windows 2000 got infected.
>
> All infected computers show a backdoor on a random TCP port such as:
>
> xxx.xx.xxx.xxx 5794/tcp dhcp-xxx-xxx.xxxxxxxxx.xxx
> 220 Reptile welcomes you....
>
> Has anyone seen or expierenced similar?
>
> We don't know what processes are running on the PC's until tomorrow
when we
> can get to them.
>
> Any and all info is greatly appreciated.
>
> Thanks,
> -jack
>
>
>
Reptile FTP Server.
What you might be seeing is a variant of the ZOTOB which is right now
installing FTP backdoor servers.
Thanks.
----------------------------------------------
To have known the best, and to have known it for the best, is success in
life.
-----Original Message-----
From: Shiva Palancha [mailto:shivapalancha (at) gmail (dot) com [email concealed]]
Sent: Monday, August 22, 2005 7:36 AM
To: Jack Vizelter
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Re: New Virus/Worm
Please check this info published on Symantec's website -
http://www.symantec.com/avcenter/venc/data/backdoor.darkmoon.html
regards,
Shiva Palancha
On 8/21/05, Jack Vizelter <jack (at) mail.rockefeller (dot) edu [email concealed]> wrote:
> Since about 5pm last night, we've been hit hard, so far about 60
computers,
> mostly running Windows 2000 got infected.
>
> All infected computers show a backdoor on a random TCP port such as:
>
> xxx.xx.xxx.xxx 5794/tcp dhcp-xxx-xxx.xxxxxxxxx.xxx
> 220 Reptile welcomes you....
>
> Has anyone seen or expierenced similar?
>
> We don't know what processes are running on the PC's until tomorrow
when we
> can get to them.
>
> Any and all info is greatly appreciated.
>
> Thanks,
> -jack
>
>
>
[ reply ]