Re: El Cheapo Router Challenge
I shut down the victim system after noticing that it went into scan/attack mode, and having a little bit of time tonight, I thought I would just take a quick look and see what bots I could find that had installed themselves on the unprotected system in the short time that I left it up.
dfrgfat32.exe - infected by Backdoor.Win32.SdBot.afu
msftp.exe - infected by Backdoor.Win32.SdBot.afu
C:\WINDOWS\System32\i - Trojan-Downloader.BAT.Ftp.ab
winPE.exe - infected by Backdoor.Win32.Rbot.va
USBhardware8.exe - infected by Backdoor.Win32.Rbot.gen
service.exe - infected by Backdoor.Win32.Rbot.ul
So you can see the system picked up at least 4 bots in about 2 hours. I didn't surf anywhere other than BBR once, which is safe, and don't have email, chat, P2P, whatever, so the only way these bots got onto the system was via network exploits, which the NAT devices were previously protecting the system from.
I should also comment that I did block outbound IRC traffic from the system when I pushed it onto the internet; otherwise it likely would have been much worse, as the botmasters would have installed even more malware than there was.
Vendor: Firewall Logging Software www.SonicLogger.com - SonicWall and 3Com; www.LinkLogger.com - Linksys, Netgear and Zyxel
jvmorris (I Am The Man Who Was Not There. Premium, MVM)
But did you see any outbound IRC traffic attempts in the logs from the system during that time interval?
Regards, Joseph V. Morris