[PLUG] strange trojan
Derek Loree
derek at infotects.com
Wed Oct 23 18:03:35 UTC 2002
Rich,
I tried to reply to your email, but your mail server didn't like my mail
server, and my message was rejected as spam. Do you have reverse
lookups as a criterion for hosts that you will allow? (I don't think
I've been tagged as an open relay, because it isn't open).
Derek Loree
On Wed, 2002-10-23 at 10:31, Rich Shepard wrote:
> On 23 Oct 2002, Derek Loree wrote:
>
> > I came across a listing at the Symantec site of a trojan that is targeted
> > to only linux systems. The strange part is, a password must be supplied
> > to run it! Somebody must be planning some serious social engineering.
> > (Make the trojan so secure that only serious security hackers can run it?)
> >
> > http://securityresponse.symantec.com/avcenter/venc/data/backdoor.wiween.html
>
> Derek,
>
> I must be pretty dumb this morning. If the binary won't execute without
> the proper password, and it cannot open the backdoor (port > 4,000) until it
> runs, how is it fired?
>
> Is the recipient supposed to call someone and ask for the password? In my
> naivety, this has all the symptoms of a hoax. Not that Symantec is part of
> it, but whoever put the word out on the street.
>
> Rich
>