Josh, I tried to download the archive, and McAfee alerted me to "W32/Sdbot.worm.gen.g".

From: http://www.sophos.com/virusinfo/analyses/w32sdbotcf.html
"W32/SdBot-CF spreads to other computers on the local network protected by weak passwords."

> I found this worm/trojan on a laptop. Ran FPort and
> found the .exe.

I checked out your web site... don't you think that the information you found via fport would be useful to others, such as the port, etc.?

> Doesn't look like it propagates to other machines
> but rather communicates with a compromised
> web company's server using IRC. The compromised
> server has removed the IRC service. Only sends RST packets back.
>
> I put it on my site.
>
> http://www.packetfocus.com/analysis.htm
>
> I would like to know the attack vectors. I'm
> guessing LSASS.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
