Thursday, September 4, 2003, 12:05:12 PM, you wrote:
RF> We've had three machines across multiple sites come up
RF> with the backdoor.coreflood trojan today. NAV caught
RF> them all, but I'm wondering how it got in. We block
RF> .exe attachments.
RF> It's my understanding that this thing doesn't
RF> propagate itself. One instance I can understand, but
RF> three seemingly unrelated infections are puzzling.
RF> Is anyone else seeing this, or have any ideas?
We've seen it at the university I work at on at least one machine,
starting yesterday. What the admin there has tracked it back to was a
website for a radio station that the user had gone to, out of Vermont
if I recall correctly. That was his quick and dirty checking on it at
least.
--
Best regards,
Eric mailto:xnih (at) softhome (dot) net
------------------------------------------------------------------------
---
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor. Early-bird registration ends September 6. Visit us: www.blackhat.com
------------------------------------------------------------------------
----