[nsp-sec] Possible 700k+ node botnet

Florian Weimer fweimer at bfk.de
Thu Oct 2 06:02:34 EDT 2008


* Rob Thomas:

> ----------- nsp-security Confidential --------
>
> Possibly related:
>
> <http://www.anchiva.com/virus/view.asp?vname=Worm/Sohanad.AACA@im>
> <http://www.threatexpert.com/report.aspx?uid=b68593a2-5121-4391-b714-547659808785>

Not sure about this.  The samples I looked at (briefly) are
predominantly recognized as "Autoit", and they install themselves as
WINDOWS/system32/regsvr.exe and "WINDOWS/system32/svchost .exe" (not
SCVHOST.exe and blastclnnn.exe).

(c821919cb59a59a3753d80fbbbd086f3 and 4f095353c987f5bcecca33e0985ccb11
are two such samples.)

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


