To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Hi Killed a Trojan on a workstation that was constantly connecting to 66.197.216.149 on port 80 It uses filenames associated with Backdoor.Haxdoor but they are not detected by any AV or Anti Spy ware software that I have tried. Unfortunately I did not trap any of the traffic it generated only the logs. And I am still analyzing them. Any suggestions.
More info 192.168.10.119 Accessed URL 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&pa ram=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278 947655522557439]&wm=0&ver=88(A) -------------------------------------- 66.197.216.149/Ffgj3dsw/bsrv.php? lang=ENU& pal=0& bay=0& gold=0& id=2222& param=16661& socksport=20454& httpport=21219& uptimem=51& uptimeh=62& uid=[5278947655522557439]& wm=0& ver=88(A) ------------------------------------- John IS Analyst _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
