« Good TiVo Deal | Main | Sally Ride »
March 25, 2004
Rare Virus
We had an instance of a rare virus on campus last night, only TrendMicro has a writeup about it yet, but I submitted a copy of it to Symantec, our antivirus vendor, and they've supplied me with beta defs to stop it. They're calling it W32.Gaobot.SN, and it lives in a file called msgfix.exe
From what I could see, it attacks machines with weak or blank Administrator passwords, then attempts to spread to other machines on the network. It also listens on port 6667 for instructions from the creator of the worm, so that it may do his dastardly bidding. Cleanup is pretty easy, just stop the process, delete the file, and remove the registry entry that calls it when the machine starts. Hopefully Symantec will have a writeup about it soon...
Posted by Seth Bokelman at March 25, 2004 11:17 AM
Trackback Pings
TrackBack URL for this entry:
http://www.sethb.com/moveabletype/mt-tb.cgi/340
Comments
assuming of course that the dastardly remote hacker didn't install other backdoors you mean.
Posted by: Gary at March 25, 2004 11:37 AM
Well, I gave it a pretty thorough audit of all user accounts, active processes, and processes that were set to start upon startup/login and couldn't find anything amiss, so I'm pretty sure it was okay, but I've cautioned the inDUHvidual to bump up his security, and look over his systems...
Posted by: Seth Bokelman at March 25, 2004 11:41 AM
Post a comment
Thanks for signing in, . Now you can comment. (sign out)
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)