please find pictures attached

Here's an idea... If these are valid pictures and not a VIRUS INFECTED ZIP
file, post them in one of the binary sites and give us pointers to them.


<cqpjth@yahoo.com> wrote in message news:Rq%Cd.45093$Yt1.21637@fe08.lga...
> please find pictures attached
>
>


--------------------------------------------------------------------------------


>
>

"Casey Wilson" <N2310D @ gmail.com> wrote in message
news:bi0Dd.13022$1U6.283@trnddc09...
> Here's an idea... If these are valid pictures and not a VIRUS INFECTED ZIP
> file, post them in one of the binary sites and give us pointers to them.
>
>
> <cqpjth@yahoo.com> wrote in message news:Rq%Cd.45093$Yt1.21637@fe08.lga...
>> please find pictures attached
>>
>>
>
>
> --------------------------------------------------------------------------------
>
>
>>
>>
>
>
Not that I would want to see such pictures but I like to examine viruses.
It is one as most would suspect. Backdoor type, info here:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ag.html

Tom

Tom Biasi wrote:
> Not that I would want to see such pictures but I like to examine viruses.

LOL!

-dave w

>>
>>
> Not that I would want to see such pictures but I like to examine viruses.
> It is one as most would suspect. Backdoor type, info here:
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ag.html
>
> Tom
>
Hmmmm, perhaps a Downloader.Trojan????

Casey

Casey Wilson wrote:
>>>
>>Not that I would want to see such pictures but I like to examine viruses.
>>It is one as most would suspect. Backdoor type, info here:
>>http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ag.html
>>
>>Tom
>>
>
> Hmmmm, perhaps a Downloader.Trojan????
>
> Casey
>
>
Connects to an IRC server on port 6631 to ronz1.afraid.org or
ronz2.afraid.org.

Casey Wilson wrote:
>>>
>>Not that I would want to see such pictures but I like to examine viruses.
>>It is one as most would suspect. Backdoor type, info here:
>>http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ag.html
>>
>>Tom
>>
>
> Hmmmm, perhaps a Downloader.Trojan????
>
> Casey
>
>
Connects to an IRC server on port 6631 to ronz1.afraid.org or
ronz2.afraid.org.

>>
> Connects to an IRC server on port 6631 to ronz1.afraid.org or
> ronz2.afraid.org.

Ah, okay, gotcha. One of the worst kind of "backdoor" Trojans like you
said the first time. Sorry, shouldn't have challenged you.
Since you seem pretty knowledgeable, here's a couple of questions....
Can these backdoors be used to drop in a dial-up sequence so they will start
at, say, 2AM by themselves? And... Will the Internet Explorer performance
monitor see the zombie's activity?

"Tom Biasi" <TomBiasi@optonline.net> wrote in message
news:tsZDd.5017$cZ3.1372@fe11.lga...
>
> "Casey Wilson" <N2310D @ gmail.com> wrote in message
> news:NOUDd.4161$lG.3284@trnddc03...
>>
>>>>
>>> Connects to an IRC server on port 6631 to ronz1.afraid.org or
>>> ronz2.afraid.org.
>>
>> Ah, okay, gotcha. One of the worst kind of "backdoor" Trojans like you
>> said the first time. Sorry, shouldn't have challenged you.
>> Since you seem pretty knowledgeable, here's a couple of questions....
>> Can these backdoors be used to drop in a dial-up sequence so they will
>> start at, say, 2AM by themselves? And... Will the Internet Explorer
>> performance monitor see the zombie's activity?
>
> Yes some will drop a dialer, some will "Phone Home", this one particularly
> likes to send email in your name.
> You should always look for unexplained hard drive activity and access to
> the outside. Get ZoneAlarm or similar and watch what goes out.
>
> And...Keep a clean machine.
> Tom

Super advice, Tom. Too late for me -- I've already got my system(s)
well protected. I hope the other folks reading this will take the hint from
your advice. It ain't all that hard to protect the system and it is really
easy to keep it maintained.

"Casey Wilson" <N2310D @ gmail.com> wrote in message
news:NOUDd.4161$lG.3284@trnddc03...
>
>>>
>> Connects to an IRC server on port 6631 to ronz1.afraid.org or
>> ronz2.afraid.org.
>
> Ah, okay, gotcha. One of the worst kind of "backdoor" Trojans like you
> said the first time. Sorry, shouldn't have challenged you.
> Since you seem pretty knowledgeable, here's a couple of questions....
> Can these backdoors be used to drop in a dial-up sequence so they will
> start at, say, 2AM by themselves? And... Will the Internet Explorer
> performance monitor see the zombie's activity?

Yes some will drop a dialer, some will "Phone Home", this one particularly
likes to send email in your name.
You should always look for unexplained hard drive activity and access to the
outside. Get ZoneAlarm or similar and watch what goes out.

And...Keep a clean machine.
Tom

>
>