"dick" strikes again
"dick" strikes again
Indeed. Now, would you, "dick", please stay quiet? kthxbye
Mine are coming from a site in the U.K.:
Checking IP: 81.29.70.36... Name:
I've blacklisted the port in Shorewall, so hits don't clutter the log.
Jim Ford
I think this is a new variant of W32.IRCBOT
Any one killed it yet?
Jim Ford wrote:
This is an exploit for a recently patched vulnerability in Symantec SSC Agent and its variants, as has been extensively discussed. There are various malware generations trying to exploit it, not just your generic W32.IRCBOT.
Killed? How's that supposed to work? The Symantec stuff is running with SYSTEM privileges, thus a successful exploit means that the entire system was compromised. There's no way to recover from such a scenario without a complete safe boot-strapping process, which usually means to flatten and rebuild the entire system (or having a recent backup, having checksums or a well-known safe state for determining the modification).
People, I just want to say, you know, can we all get along?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.