Registered
Discussion Starter #1
Hello all,

I'll be here at work all through the night disinfecting our network and closing some nasty security holes...

We were infected with some kind of IRCFlood worm that had our system so bogged down we were unable to ping past the router... had our T1 bandwidth all taken up with whatever the hell it was doing.

Here's my question - I know there are people out there that love to deconstruct these things and maybe even do a little nasty stuff back to the originator. Anyone know where I can send this (these) suckers when I'm through? The strain we have is relatively new (it seems) and there is only one anti-virus company that seems to know about it (Sophos). It slipped right through whatever detection systems Norton claimed to offer.

Any takers? It's nothing destructive - just seems to allow outsiders to hog your bandwidth and take control of your system... but nothing a firewall won't prevent.

Thanks,

-Justin
(huntin worms through the night!)
www.saltgod.org
 

Registered
heh

We run Trend OfficeScan where I work; it's pretty solid.

Start closing ports; you only really need 80 and 25, right?

It probably came in as an email attachment, as usual.

And... where to send it? LoL. You pick :crazy:
 

Registered
Discussion Starter #3
I'll be closing ports through the night.

I didn't want to send this thing maliciously! I know that some people who work in security like to get them to take them apart and see how they work. ;)

We'll see who brought it in here. I have limited it down to 2 possibilities. I told the two women I would be starting a pool as to who brought it in first. I'll let them know in the morning. ;)

-Justin
 

Registered
Discussion Starter #5
The end result was basically a denial of service... but a DoS attack generally floods your connection with incoming requests. This is a file running on our machines sending stuff out... which for all I know could be part of a DoS attack on someone else that just happened to bog us down too.

It seems to report back to 216.180.243.59 (orgazmo.wxmail.net). The .exe is adobea.exe. One machine actually has a second file cleverly named System32ex.exe (which seems like it belongs). That one tries to send info to 195.121.6.219 (Diemen2.NL.EU.Undernet.org)... and another one that sends info to a game server in Austria called thebox... did I mention I will be at this all night? :-?

-Justin
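The behaviour described in this post (infected workstations opening control channels to IRC servers and pushing enough outbound traffic to saturate the T1) can be spotted from egress flow records at the router. The script below is an added example, not part of the thread; the flow records are constructed, the IRC port list and the 10 MiB per-host volume threshold are assumptions, and the watchlist is the two callback addresses named above.

```python
from collections import defaultdict

# Callback hosts named in post #5 of the thread.
WATCHLIST = {"216.180.243.59", "195.121.6.219"}
# Conventional IRC server ports (assumption: the bot uses standard IRC ports).
IRC_PORTS = set(range(6660, 6670)) | {7000}
# Assumed per-host outbound budget for one collection window: 10 MiB is far
# beyond normal desktop use, and a few such hosts saturate a 1.5 Mbit/s T1.
EGRESS_BYTES_LIMIT = 10 * 1024 * 1024

# Constructed flow records, "src dst dst_port bytes_out" (not real traffic).
FLOWS = """\
192.168.1.23 216.180.243.59 6667 4096
192.168.1.23 203.0.113.10 53 12000000
192.168.1.40 195.121.6.219 6667 2048
192.168.1.40 198.51.100.5 80 500000
192.168.1.77 198.51.100.5 80 120000
192.168.1.77 198.51.100.9 25 40000
""".splitlines()


def parse_flow(line):
    """Split one whitespace-separated flow record into (src, dst, dport, bytes)."""
    src, dst, dport, nbytes = line.split()
    return src, dst, int(dport), int(nbytes)


def analyse(lines):
    """Return {internal_host: set(reasons)} for hosts that look bot-controlled.

    The three signals are independent: a bot on a non-standard port still
    trips the volume check, and a quiet bot still trips the callback checks.
    """
    egress = defaultdict(int)
    reasons = defaultdict(set)
    for line in lines:
        src, dst, dport, nbytes = parse_flow(line)
        egress[src] += nbytes
        if dport in IRC_PORTS:
            reasons[src].add("irc_control_channel")
        if dst in WATCHLIST:
            reasons[src].add("watchlist_callback")
    for host, total in egress.items():
        if total > EGRESS_BYTES_LIMIT:
            reasons[host].add("egress_volume")
    return dict(reasons)


if __name__ == "__main__":
    for host, why in sorted(analyse(FLOWS).items()):
        print(host, ", ".join(sorted(why)))
```

Run against the constructed records, .23 is flagged on all three signals and .40 on the two callback signals, while the ordinary web and mail traffic from .77 is left alone.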
 

Mr. Negative
Beyond the obvious place to send all viruses???? Microsoft

Who's the security site that stays on top of this stuff? I've forgotten the site since I'm not in that anymore. They post all info on basically every OS and every application that's exploited. I just can't think of the name right now.

One more reason to use UNIX. ;)
 

Registered
Discussion Starter #9
If it were up to me I would...

Is there an AS400 terminal for Linux? And an e-mail program compatible with MS Exchange? Will Linux support a VPN connection to a Windows network? Is there a sales database package similar to Goldmine?

Not being sarcastic here - this really sucks... and I'd like to drop the winblows shyt for good.

-Justin
 

Mr. Negative
I don't know about the MS Exchange and Goldmine thing, but the rest I'd say yes off the top of my head.

I was just f'in w/ ya. ;) We have NT stuff for some things too. All my stuff is AIX (IBM's Unix), so luckily "I don't have to do windows", although as I write this my main application I support has gone onto Windows and I'll follow probably with the next version. SucksAss!!!!!

Good luck man.

 

Registered
Discussion Starter #11
Windows blows... and the saying IS true - nobody ever got fired for buying Microsoft.

If a single critical package is not available on another OS, the entire company has to run Windows. Bill Gates must have been better at sucking off Satan than he is at putting together an OS...

-Justin
 