OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Garramone, Michael (CCI-Las Vegas) (Michael.Garramone_at_cox.com)
Date: Wed Sep 04 2002 - 18:51:14 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Sorry for the missing details. They were all found the online scanner at http://housecall.antivirus.com. They included a variant of subseven, latinus, sua.a, and sua.b. McAfee and Norton did not find them, but the customers may not have had the latest virus defintion updates.

    -----Original Message-----
    From: Garramone, Michael (CCI-Las Vegas)
    Sent: Wednesday, September 04, 2002 8:31 AM
    To: Andrey G. Sergeev (AKA Andris); Incidents List
    Subject: RE: Any tcp/608 activity?

    Last week I received spam complaints against 4 different customers, all the same message and all with no knowledge of the incident. The only similarity I could find was port 608 open on each user's machine. Telnet to this port returned a number sequence, and successive telnets increased the number returned. Each customer found a trojan/backdoor installed, but not all the same one.

    -----Original Message-----
    From: Andrey G. Sergeev (AKA Andris) [mailto:andrisaernet.ru]
    Sent: Saturday, August 31, 2002 10:06 AM
    To: Incidents List
    Subject: Any tcp/608 activity?

    Hello!

    Did anyone here seen *any* activity, either legal or suspicious, on
    TCP port 608 for, say, past 3 months? My question _isn't related_ to
    Sender-Initiated/Unsolicited File Transfer proto (RFC 1440) although
    I'm still interested in your comments if you're using this service and
    have some records in the SIFT-UFT daemon logs saying something like
    "Unrecognized command", "Invalid data", "Bad request" and so on.

    Thanks. 

    -- 

    Yours sincerely,

    Andrey G. Sergeev (AKA Andris)

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com