Free Republic
Browse · Search 		General/Chat
Topics · Post Article

To: RosieCotton

Well... that's the kicker... this one is not detected even by updated antivirus patterns. Ours is Trend Micro, but we've tried some other vendors and they're not finding anything either. But we can isolate the infection... and it *should* be detectable, many pattern versions ago. It looks and acts like a variant of RBot.jp.worm, but isn't detectable as such.

Symptoms are that the infected machine opens hundreds to thousands of connections to the Internet, clogging the NAT translation tables of the router, effectively killing Internet access to anyone else. It also starts brute-forcing network accounts, looking for common weak passwords, which of course starts immediately locking accounts accross the domain.

Nasty bugger, that.


1,336 posted on 10/11/2004 6:45:51 PM PDT by Ramius (Time? What time do you think we have?)
[ Post Reply | Private Reply | To 1323 | View Replies ]

To: Ramius

Yikes! That IS nasty.

I'm going to copy down some of this info...hopefully we're safe, but ya never know for absolutely sure.


1,338 posted on 10/11/2004 6:47:36 PM PDT by RosieCotton (He is a very shallow critic who cannot see an eternal rebel in the heart of a conservative. - GKC)
[ Post Reply | Private Reply | To 1336 | View Replies ]
To: Ramius

Out of curiosity, how did you clean it?


1,341 posted on 10/11/2004 6:49:22 PM PDT by RosieCotton (He is a very shallow critic who cannot see an eternal rebel in the heart of a conservative. - GKC)
[ Post Reply | Private Reply | To 1336 | View Replies ]

Free Republic
Browse · Search 		General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson