Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Re: Increased activity on port 110
Feb 26 2007 08:20PM
phishtracker gmail com
Yes, I'm seeing it too only on our Windows dedicated server farm. It appears to be related to MailEnable (Ensim/Plesk Customers). How they are getting infected I'm not sure yet. Possibly via servers with unpatched MailEnable. "rdriv.sys" gets installed in the "Windows\system32" folder.
[ more ]
Copyright 2010, SecurityFocus