Re: Logon.dll? Possible root-kit?

From: Nick Jacobsen (nickethicsdesign.com)
Date: Thu Apr 03 2003 - 14:43:05 CST


Ok, here is a link to a rar of the suspected files:
    http://www.ethicsdesign.com/HackLog.rar

As some of you said, it looks like there is not a rootkit installed, and it
looks like this was an attempt at making this box join a botnet. A kindly
IRCOp has offered to both decompile the bot dll, and to remove the offending
channel (#thallia), so that is taken care of. Anyway, I did manage to
convince my clients that this was serious enough to warrant a wipe of the
data on the machine. I am waiting to see what your analysis of these files
is.

Thank You,
Nick Jacobsen
nickethicsdesign.com
