Kibuv.B opens a backdoor on TCP port 420, then uses TCP high ports 5000, 6667 & 7955: http://www.sarc.com/avcenter/venc/data/w32.kibuv.b.html
Bobax.C: http://www.sarc.com/avcenter/venc/data/w32.bobax.c.html

Jim Blunt
E-mail / Antivirus Admin
Bechtel Hanford, Inc.

-----Original Message-----
From: Woodruff, Michael [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 19, 2004 10:09 AM
To: Exchange Discussions
Subject: RE: Latest Virus port 5000?

Does anyone have a disinfection tool available for Bobax.C? This is what it has to be.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marty Gavin
Sent: Wednesday, May 19, 2004 12:54 PM
To: Exchange Discussions
Subject: RE: Latest Virus port 5000?

http://tinyurl.com/3cjo3

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Woodruff, Michael
Sent: Wednesday, May 19, 2004 12:50 PM
To: Exchange Discussions
Subject: Latest Virus port 5000?

We are getting hammered by a virus that is hammering port 5000. I have all the latest sophos IDEs and have scanned an infected pc. It found nothing. It is using the lsass vulnerability found on Microsoft products. I see something about kibuv, but cannot find anything.

Thanks.

_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe send a blank email to %%email.unsub%%
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
