Using Argus or tcpdump to detect Pretty Park trojan
flynngn at jmu.edu
Wed Mar 1 14:05:48 EST 2000
We just checked our updates and it appears Norton is still pushing the
20222 version through the corporate edition update process. As far as I
can tell, the 20224a version is required. An Internet Live Update gets
the 20224a version.
I just got a copy of what is circulating here. I've been told everything
we've seen so far is the old version which is detected by our current version of
Norton but I notice there seems to be some interest in inactive IRC servers :)
Thanks, Russell, for tipping us on that neat detection mechanism.
I noticed the wintrinoo update wasn't available through Internet Live
Update for a couple days after the patch was announced on the Norton
site. Evidently, there is some significant delay between making
a patch available, making it available to Internet Live Update,
and incorporating it into the corporate managed update process.
By the way, BOClean doesn't need to be upgraded to detect this
variant:
http://www.nsclean.com/psc-pp.html
gary