site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > New Worms scanning on 1025 and others

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

reply to Link Logger

Re: New Worm scanning on 1025, 2745, 3127 and 6129

When I looked at your port 1025 capture, I saw strings in there that exist in a piece of malware I just dismantled and posted an analysis of in this thread: »nvchip4.exe maybe new virus~~

I wonder if those strings "MARB" and "MEOW" are related to a RPC exploit, or if they are part of that trojan for another reason.
to forum · permalink · 2004-03-08 12:00:31 ·


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
Reviews:
·Shaw

Both of those strings also existed in MSBlast (see »www.linklogger.com/msblast.htm ). My 1025 capture is an RPC exploit but is different then MSBlast.

Perhaps 1025 was his infection entry vector.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel

to forum · permalink · 2004-03-08 12:05:31 ·

kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

I guess those strings are part of the RPC exploit vector then. Well, time to post another new piece of info in the other thread!

to forum · permalink · 2004-03-08 12:14:45 ·
Forums > Broadband Tech > Security > Security

Monday, 04-Jun 10:44:55 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics