Re: Re: Increased activity on port 110 Feb 26 2007 08:20PM
phishtracker gmail com
Yes, I'm seeing it too, only on our Windows dedicated server farm. It appears to be related to MailEnable (Ensim/Plesk Customers). How they are getting infected I'm not sure yet. Possibly via servers with unpatched MailEnable. "rdriv.sys" gets installed in the "Windows\system32" folder.

Systems that got infected were also attempting to connect to x.x.x.x.01032- PONG, which no longer appears up.

Copyright 2010, SecurityFocus