Phel
http://www.symantec.com/security_response/writeup.jsp?docid=2004-122717-5050-99&tabid=2
downloads and executes Coreflood
http://www.symantec.com/security_response/writeup.jsp?docid=2002-112912-2439-99
which doesn't sound like your problem.
On 2/1/07, Paul D. Robertson <paul@compuwar.net> wrote:
> On Thu, 1 Feb 2007, Brian Loe wrote:
>
> > One of our support technician's machines is attempting to connect to
> > random IP addresses on port 25 - in a pretty needy fashion. He says
> > he's scanned the box with the latest updates from McAfee and it
> > hasn't found anything.
> >
> > We discovered it because one of my basic (meaning I got it off the
> > 'Net) rules for SEC flagged it as a possible PHEL trojan.
> >
> > Any thoughts?
>
> See what process keeps opening sockets?
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> paul@compuwar.net which may have no basis whatsoever in fact."
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
--
Best regards,
Julian Dragut
www.networkmanager.org
If you knew that you wouldn't fall, how far would you have gone?