Re: "sokets de trois" trojan bombardment of PC

From: Masha (anonymous_at_discussions.microsoft.com)
Date: 05/21/04


Date: Fri, 21 May 2004 08:47:38 -0700


>-----Original Message-----
>Dave, I think we've answered this in other groups, although if others here
>have light to shed on it, I'd be glad.
>
>My theory is that this is traffic on port 5000 which is generated by a
>couple of prevalent worms at the moment.
>
>"Dave Gibson" <anonymous@discussions.microsoft.com> wrote in message
>news:f3f601c43dc0$2d2a7970$a601280a@phx.gbl...
>> Hi,
>>
>> It's not just me but a lot of people seem to be getting
>> constant bombardment of their PCs with a trojan
>> called "sokets de trois"
>>
>> I am detecting it with Norton Internet Security 2002 with
>> all the current update files installed. I have also
>> checked the PC for adware etc with several programs
>> updated with the latest files and run a virus scan - all
>> clean.
>>
>> I have also used the "unplugnpray" utility to disable
>> port 5000 yet am still getting bombarded. I have turned
>> off the Norton Alert Tracker as it's doing my head in.
>>
>> Any suggestions or solutions?
>>
>> Regards
>>
>
>
>.
>

Hi--this is my first time posting on this newsgroup, but I
too have had the same numerous attacks since about
midnight March 15. Sokets de Trois v.1 has been around
for several years, but somebody still thinks they can send
it to up-to-date Symantec users. Symantec document ID
2000102507293506 dated 11/11/2002 tells all about it but
says the cause is unknown. A friend traced some of the IP
addresses to a now-defunct company that merged with
another company about a year ago, so our theory is that
the person sending the Trojan Horse may be using a server
formerly belonging to the defunct company. I wrote to the
Internet Fraud Complaint website and gave them some of the
IP addresses that the sender is apparently using to "mask"
his attempts to send this ancient Trojan. Running our
firewalls and keeping virus protection up to date seems to
be the only answer--boy, howdy, it slows one down on the
Internet, doesn't it?

The good news is that the whole time I have been writing
this post, I have =not= been attacked! Do you all think
maybe the attacker either got bored or maybe was caught?

Regards


