|
|
#1
August 3rd, 2003, 10:36 PM
|
|||
|
|||
Backdoor.IRC.Cirebot...installs a backdoor Trojan Horse.
 FYI...from Symantec:http://securityresponse.symantec.com...c.cirebot.html "...Backdoor.IRC.Cirebot is a threat which exploits the Microsoft DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) to install a backdoor Trojan Horse on vulnerable systems. Backdoor.IRC.Cirebot consists of a Backdoor component, and a Hacktool component which installs the backdoor on systems which are vulnerable to the exploit. Signs of infection: the existence of the files c:\rpc.exe, c:\rpctest.exe, or c:\lolx.exe. Signs that a network is being attacked: traffic on port 445 to sequential IP addresses. Signs that an attack has succeeded (allowing a remote shell and downloading of the backdoor): port 57005 open; an ftp connection on port 69..." - See also this thread: http://www.wilderssecurity.com/showt...77483#msg77483.
__________________
AplusWebMaster ~ www.apluswebmaster.net Are you up to date or vulnerable to Hackers? |
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
