To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Symantec was my first one to try on the file; I ran it through several at www.virustotal.com, where I also left the file for distribution. Symantec has still not included it in its AV definitions, even though it is more than 24 hours since I sent it to them. McAfee has the file listed since 5-23-06, so it is the same old story that the more secure the systems have become the fewer report to the AV vendors. I think they need to get a little more aggressive themselves in using honeypots and so on.

John
IS Analyst

-----Original Message-----
From: Thomas Raef [mailto:[EMAIL PROTECTED]
Sent: Monday, October 09, 2006 4:06 AM
To: John Holan; botnets@whitestar.linuxbox.org
Subject: Re: [botnets] New Botnet or what

From: John Holan [mailto:[EMAIL PROTECTED]
Sent: Thu 10/5/2006 3:43 PM
To: botnets@whitestar.linuxbox.org
Subject: [botnets] New Botnet or what

Hi,

Killed a Trojan on a workstation that was constantly connecting to 66.197.216.149 on port 80. It uses filenames associated with Backdoor.Haxdoor, but they are not detected by any AV or anti-spyware software that I have tried. Unfortunately I did not trap any of the traffic it generated, only the logs, and I am still analyzing them. Any suggestions?

More info:

192.168.10.119 Accessed URL
66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)

--------------------------------------
66.197.216.149/Ffgj3dsw/bsrv.php?
lang=ENU&
pal=0&
bay=0&
gold=0&
id=2222&
param=16661&
socksport=20454&
httpport=21219&
uptimem=51&
uptimeh=62&
uid=[5278947655522557439]&
wm=0&
ver=88(A)
-------------------------------------

John
IS Analyst

What AV did you test with? Just curious.

Thank you.

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
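
An added example, not part of the original thread or written by its participants: a Python check that scans proxy logs for the check-in request quoted above by matching on its set of query parameter names rather than on the one IP address, so the same request sent to a different host or path is still flagged. The log layout, the `min_keys` threshold and every sample line except the first are assumptions; 203.0.113.5 and www.example.com are placeholder values.

```python
import re
from urllib.parse import parse_qsl

# Parameter names copied from the check-in URL quoted in the thread.
BEACON_KEYS = {"lang", "pal", "bay", "gold", "id", "param", "socksport",
               "httpport", "uptimem", "uptimeh", "uid", "wm", "ver"}

# Assumed log layout, modelled on the single line quoted in the post:
#   <client ip> Accessed URL <host>:<path>?<query>
LINE_RE = re.compile(
    r"^(?P<client>\S+) Accessed URL (?P<host>[^:/\s]+):?(?P<path>/[^?\s]*)\?(?P<query>\S+)$")

def match_checkin(line, min_keys=10):
    """Return client/host/path/fields when the query carries at least
    min_keys of the beacon parameter names, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(parse_qsl(m["query"], keep_blank_values=True))
    if len(BEACON_KEYS.intersection(fields)) < min_keys:
        return None
    return {"client": m["client"], "host": m["host"],
            "path": m["path"], "fields": fields}

def scan(lines):
    """Group hits by internal client so affected workstations stand out."""
    hits = {}
    for line in lines:
        hit = match_checkin(line)
        if hit:
            hits.setdefault(hit["client"], []).append(hit)
    return hits

# Constructed sample log: the first line is the request from the post,
# the other three are invented for this example.
SAMPLE_LOG = [
    "192.168.10.119 Accessed URL 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)",
    "192.168.10.42 Accessed URL www.example.com:/search.php?lang=ENU&id=7",
    "192.168.10.77 Accessed URL 203.0.113.5:/x/a.php?lang=ENU&pal=0&bay=0&gold=0&id=9&param=1&socksport=1080&httpport=8080&uptimem=3&uptimeh=0&uid=[1]&wm=0&ver=88(A)",
    "192.168.10.42 Accessed URL www.example.com/index.html",
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        for h in hits:
            f = h["fields"]
            print(client, h["host"], h["path"], f["uid"], f["socksport"], f["httpport"], f["ver"])
```

Matching on parameter names tolerates a changed server address or path; the ordinary search request that shares only `lang` and `id` stays below the threshold and is not flagged.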