Matt,

By now, you've probably heard a thousand times that "nc" is netcat. While it's highly likely to be the case, there is a possibility that it isn't. Why? B/c programs can be named anything, can't they?
Here's what I suggest you do if you find a suspicious file on your system...

1. Check to see if the file is an image for a running process. If so, get as much info as you can...such as a dump of the process's memory (on Win32, do this w/ pmdump.exe...then run 'strings' on the output to look for interesting info). Also, get the command line used to launch the process using listdlls.exe or tlist.exe.
2. On *nix systems, run 'file' against it. On win32 systems, check the file signature...just b/c the extension is 'exe', doesn't mean that it is really an executable.
3. On all systems, run 'strings' to see if there's any info of use.

Just some thoughts...it's widely known on Win32 systems that anything can be named anything...'netcat' can easily be installed as inetinfo.exe or svchost.exe...

Harlan
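
Steps 2 and 3 of the message above (identify the file by its signature rather than its name, then pull printable strings), sketched as an added example that is not part of the original message. The function names, file names and sample bytes are constructed for illustration; the magic values are the standard public ones.

```python
import re
import struct

MAGIC = [(b"\x7fELF", "elf"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"\xff\xd8\xff", "jpeg"), (b"PK\x03\x04", "zip")]
EXT_TYPE = {"exe": "pe", "dll": "pe", "png": "png", "jpg": "jpeg", "zip": "zip"}

def file_type(data):
    """Identify content by its signature, never by its name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points at the "PE\0\0" header in a real PE.
        (off,) = struct.unpack_from("<I", data, 0x3C)
        return "pe" if data[off:off + 4] == b"PE\0\0" else "dos-mz"
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"

def strings(data, min_len=4):
    """Printable ASCII runs, like the 'strings' utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def triage(filename, data):
    """Report the real type, whether the extension disagrees, and the strings."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = file_type(data)
    expected = EXT_TYPE.get(ext)
    return {"type": actual,
            "mismatch": expected is not None and expected != actual,
            "strings": strings(data)}

def _fake_pe(payload):
    # Constructed minimal header: MZ, padding, e_lfanew=0x40, PE signature.
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return hdr + b"PE\0\0" + b"\0" * 20 + payload

# Constructed samples, not taken from any real binary.
SAMPLE_PE = _fake_pe(b"usage: tool [-l] [-p port]\0\x01\x02listen\0")
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\0" * 8 + b"IHDR"

if __name__ == "__main__":
    for name, blob in [("svchost.exe", SAMPLE_PE), ("nc", SAMPLE_PE),
                       ("setup.exe", SAMPLE_PNG)]:
        print(name, triage(name, blob))
```

A matching signature only says the file is the type its name claims; for a renamed tool it is the strings output that hints at what the program actually is.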