[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Sears Scam Trojan Code

To: segfault <segfault@nycap.rr.com>
Subject: Re: [Full-Disclosure] Sears Scam Trojan Code
From: Jarkko Turkulainen <jt@klake.org>
Date: Sat, 27 Dec 2003 20:23:22 +0200 (EET)

Took some time to realize, but the proxy is a standard SOCKS V4. What's
interesting, the proxy port is chosen by the system (next port
available) and it's announced every 30 secs to cjdra.com as indicated in
the earlier post. The cjdra.com IP also seem to change very often..
That's all, I guess.


Regards,

--
Jarkko Turkulainen <jt@klake.org>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Sears Scam Trojan Code
  - From: "segfault" <segfault@nycap.rr.com>
- Re: [Full-Disclosure] Sears Scam Trojan Code
  - From: Jarkko Turkulainen <jt@klake.org>

Prev by Date: [Full-Disclosure] Landesk Management Suite IRCRBOOT.DLL buffer overflow
Next by Date: [Full-Disclosure] Sears variant
Previous by thread: Re: [Full-Disclosure] Sears Scam Trojan Code
Next by thread: Re: [Full-Disclosure] Sears Scam Trojan Code
Index(es):
- Date
- Thread