Hosting Provided By

Backdoor.sdbot trojan

From: Rich Tourville <richardt(at)andrew.cmu.edu>
Date: Tue Nov 05 2002 - 14:26:44 EST

Have any of you folks on this list seen a re-occurrance of the "Backdoor.sdbot" trojan? I am responsible for several groups of student use computers here and this morning while doing a normal walk-thru I noticed that over half of my machines had several copies of this in quarantine.

According to Symantec, this program comes down through IRC clients and will open a backdoor on the infected machine through port 6667. It was first protected by Symantec/Norton on May 1, 2002 but this is the first I have seen or heard of it.

We are using Win2k PRo with Symantec/Norton CE 7.6 that is set to update daily. The student users have restricted user rights on the computers so they cannot install these programs(IRC) and when I set up the computers every year I remove any programs like this(IRC).

I was just curious if this is a new attack started possibly overnight or just a fluke thing here.

Thanks to all.

Rich Received on Fri Nov 8 21:03:14 2002

This message: [ Message body ]
Next message: dataspy: "Re: Backdoor.sdbot trojan"
Previous message: Mark O'Neil: "Strange"
Next in thread: candy: "Re: Backdoor.sdbot trojan"
Reply: candy: "Re: Backdoor.sdbot trojan"
Reply: Atria Mail Meltzer: "Re: Backdoor.sdbot trojan"
Reply: Philip Bartholomew: "RE: Backdoor.sdbot trojan"
Reply: DeGennaro, Gregory: "RE: Backdoor.sdbot trojan"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:38 EDT