|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
msmsgs.exe /passportlogon /delaysync /shortpackets
From: jay krous (jaykrous
yahoo.com)
Date: Wed Jul 02 2003 - 16:10:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
We found msmsgs.exe and another file
tricklerid-1_trickler_4010.exe on a apparently
compromised host. The host was relaying mail through
18541/tcp which is the port msmsgs.exe was listening
on (thanks fport). I looked all over for somone with
a similiar attack. I'm thinking "bad guys" may using
Microsoft Messenger like IRC to control hosts? I sent
msmsgs.exe into Symantec, no help there, message
below.
Anyone seen something like this or familiar with what
program would be "msmsgs.exe /passportlogon /delaysync
/shortpackets"
----
The file submitted contains no malicious code. It is
used to access a pornographic service. It is safe to
delete this file.
This file, while not malicious, is performing actions
on your machine without your knowledge. We recommend
you delete this file.
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]