Re: OT : Please Help Security Guys ! (Backdoor issue)

From: <Charles.Henson_at_regions.com>
Date: Mon, 26 Apr 2010 11:58:32 -0500

You mean like CSA?

Charles Henson

From: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
To: <security_at_groupstudy.com>
Cc: <ccielab_at_groupstudy.com>
Date: 04/26/2010 11:57 AM
Subject: OT : Please Help Security Guys ! (Backdoor issue)

Hi,

Here we are facing an issue with a backdoor that uses https to send
information from machines to the internet (Turkey and Denmark - 78.189.194.126,
93.160.202.224). The issue is that we have cleaned these machines with every
antivirus we know, but the machines keep sending https traffic and we do not
know how to find the application (backdoor) that is sending our information
to Turkey and Denmark. These machines are already isolated.

Do you know a Windows tool so that I can find out which application is using a
specific destination protocol? I mean, WinMail.exe sends pop3 and smtp to the
internet; now I need to know which application is sending https traffic to the
Internet from these machines.

Thanks a lot,

Warm regards
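For the question above, an added example (not from this thread or from either poster) of mapping outbound TCP connections to their owning process on Windows with PowerShell. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection and an elevated prompt; the -RemoteAddress filter values are the two IPs quoted in the question.

```powershell
# Added example: list processes holding outbound TCP connections to a given
# remote port (default 443) and optionally to specific remote addresses.
# Assumes Windows 8 / Server 2012+ (Get-NetTCPConnection) and an elevated shell.
# On older hosts, "netstat -b -o -n" gives the same PID-to-connection mapping.
param(
    [string[]]$RemoteAddress = @('78.189.194.126', '93.160.202.224'),  # from the thread
    [int]$RemotePort = 443,
    [int]$PollSeconds = 0   # >0: keep sampling, because beacon connections are short-lived
)

function Get-RemoteTalkers {
    param([string[]]$RemoteAddress, [int]$RemotePort)
    $conns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemotePort -eq $RemotePort }
    if ($RemoteAddress.Count -gt 0) {
        $conns = $conns | Where-Object { $RemoteAddress -contains $_.RemoteAddress }
    }
    foreach ($c in $conns) {
        $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        # Path/StartTime can throw for protected or system processes; tolerate that.
        $path  = if ($p) { try { $p.Path } catch { $null } } else { $null }
        $start = if ($p) { try { $p.StartTime } catch { $null } } else { $null }
        [pscustomobject]@{
            LocalAddress  = $c.LocalAddress
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            PID           = $c.OwningProcess
            Process       = if ($p) { $p.ProcessName } else { '<exited>' }
            Path          = $path
            Started       = $start
        }
    }
}

do {
    Get-RemoteTalkers -RemoteAddress $RemoteAddress -RemotePort $RemotePort |
        Sort-Object Process, RemoteAddress |
        Format-Table -AutoSize
    if ($PollSeconds -gt 0) { Start-Sleep -Seconds $PollSeconds }
} while ($PollSeconds -gt 0)
```

Pass an empty -RemoteAddress array to see every process talking to port 443, and a non-zero -PollSeconds to catch connections that only exist for a moment; the Path column is what points you at the binary to quarantine.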

Received on Mon Apr 26 2010 - 11:58:32 ART

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART