[OS X TeX] OT: effective Macintosh Trojan in the wild

Peter Dyballa Peter_Dyballa at Web.DE
Thu May 5 14:07:47 CEST 2005


Am 05.05.2005 um 09:07 schrieb Bruno Voisin:

> May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection 
> attempt to TCP 10.0.1.2:49987 from [...].73.26:80
> May  5 08:32:29 Portable-de-Bruno ipfw: Stealth Mode connection 
> attempt to TCP 10.0.1.2:49986 from [...].73.26:80
> May  5 08:32:34 Portable-de-Bruno ipfw: Stealth Mode connection 
> attempt to TCP 10.0.1.2:49965 from [...].87.2:80
>

Their targets are usually MS based. The PCs have sleepers that wait for 
an outside call to become activated to distribute spam or to attack 
some company. Since the 'developers' of that malware do not know where 
the programmes wait inside the infected PCs, they have to scan from the 
outside all IP adresses for responsive, open, ports. Could be that most 
of the IP traffic is spam and such searching.

--
Greetings

   Pete

The most exciting phrase to hear in science, the one that heralds new 
discoveries, is not "Eureka!" (I found it!) but "That's funny..." 
[Isaac Asimov]

--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
           & FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>





More information about the macostex-archives mailing list