[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] New virus?
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] New virus?
- From: Harlan Carvey <keydet89@xxxxxxxxx>
- Date: Mon, 27 Sep 2004 12:07:46 -0700 (PDT)
Bernardo,
Do you have access to this machine, either physically
or remotely (as an admin)? If so, have you pulled any
data from the system to see what's going on?
--- Bernardo Santos Wernesback <bernardo@xxxxxxxxxx>
wrote:
> Hi everyone,
>
> Has anyone seen a lot of HTTP activity to a certain
> site:
> http://www.fotosgratis.pop.com.br ?
>
> One of our clients has several machines making tons
> of requests for TXT
> files on that server:
>
> botao.txt
> mswinsck.txt
> ita01.txt
> caixa01.txt
> teclado07.txt
> caixa01.txt
> caixa02.txt
> caixa03.txt
> caixa04.txt
> caixa05.txt
>
> Thanks for any info.,
>
>
_____________________________________________________
>
> Bernardo Santos Wernesback
>
>
>
> ESSE,ESS,SCSE,CCNA/DA,
>
> CCSA,CQS,MCP
>
>
>
> Consultant / ISH Tecnologia
>
>
>
> Phone: +55-27-3334-8900
>
> Mobile: +55-27-8111-0884
>
> Email: bernardo@xxxxxxxxxx
>
> PGP Fingerprint:
> 6A42 3701 70D7 FD0F 5FA9 D232 CDD4 6189 EF43
> 95F5
>
>
>
=====
------------------------------------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html