OT : Please Help Security Guys ! (Backdoor issue)

From: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>
Date: Mon, 26 Apr 2010 09:53:11 -0700

Hi,

Here we are facing a issue with a backdoor that use https to send information
from machines to the internnet (Turkey and Denmark- 78.189.194.126,
93.160.202.224 ). The issue is that we have clean this machines with all
antivirus we know, but machines keep sending https traffic and we do not know
how to get with the applicantion (backdoor) that sending information our
information to Turkey and Denmark. These machines are already isolated.

Do you know a windows tool so that I can get : which application is using a
specific destination protocol ?. I mean, WinMail.exe send to the internet pop3
and smtp, now I need to know which application is sending https traffic to
Internet from these machines,

Thanks a lot,

Warm regards

Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 26 2010 - 09:53:11 ART

This message: [ Message body ]
Next message: Kambiz Agahian: "RE: mapping to the local-link address"
Previous message: Mustafa Yadav: "mapping to the local-link address"
Next in thread: Charles.Henson_at_regions.com: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Charles.Henson_at_regions.com: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: itguy.pro_at_gmail.com: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Andrey Tarasov: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Charles.Henson_at_regions.com: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Edouard Zorrilla: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Edouard Zorrilla: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Ryan West: "RE: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Edouard Zorrilla: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Ryan West: "RE: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Edouard Zorrilla: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: oluwaseyi ojo: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Poplawski, James: "RE: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Joseph L. Brunner: "RE: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Charles.Henson_at_regions.com: "RE: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Imre Oszkar: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Charles.Henson_at_regions.com: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Edouard Zorrilla: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Joseph Jenkins: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: george greaves: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Edouard Zorrilla: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Edouard Zorrilla: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: itguy.pro_at_gmail.com: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Keegan.Holley_at_sungard.com: "Re: OT : Please Help Security Guys ! (Backdoor issue)"
Maybe reply: Joseph Jenkins: "Re: OT : Please Help Security Guys ! (Backdoor issue)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART