Re: OT : Please Help Security Guys ! (Backdoor issue)

Hi,

Thanks for getting back,

The netstat command show me the source port, but does not show the .exe
which is sending https packet to internet.,

Warm regards

----- Original Message -----
From: <itguy.pro_at_gmail.com>
To: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>; <security_at_groupstudy.com>
Cc: <ccielab_at_groupstudy.com>
Sent: Monday, April 26, 2010 10:04 AM
Subject: Re: OT : Please Help Security Guys ! (Backdoor issue)

> Use netstat
>
>
> Sent via BlackBerry from T-Mobile
>
> -----Original Message-----
> From: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
> Date: Mon, 26 Apr 2010 09:53:11
> To: <security_at_groupstudy.com>
> Cc: <ccielab_at_groupstudy.com>
> Subject: OT : Please Help Security Guys ! (Backdoor issue)
>
> Hi,
>
> Here we are facing a issue with a backdoor that use https to send
> information
> from machines to the internnet (Turkey and Denmark- 78.189.194.126,
> 93.160.202.224 ). The issue is that we have clean this machines with all
> antivirus we know, but machines keep sending https traffic and we do not
> know
> how to get with the applicantion (backdoor) that sending information our
> information to Turkey and Denmark. These machines are already isolated.
>
> Do you know a windows tool so that I can get : which application is using
> a
> specific destination protocol ?. I mean, WinMail.exe send to the internet
> pop3
> and smtp, now I need to know which application is sending https traffic to
> Internet from these machines,
>
> Thanks a lot,
>
> Warm regards
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 26 2010 - 10:25:31 ART