Re: OT : Please Help Security Guys ! (Backdoor issue)

From: <Charles.Henson_at_regions.com>
Date: Mon, 26 Apr 2010 14:57:32 -0500

Let's try and keep the thread clean.... :)

Charles Henson

From: Imre Oszkar <oszkari_at_gmail.com>
To: itguy.pro_at_gmail.com
Cc: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>, security_at_groupstudy.com, ccielab_at_groupstudy.com
Date: 04/26/2010 02:56 PM
Subject: Re: OT : Please Help Security Guys ! (Backdoor issue)

 portexplorer could be a solution for this.

On Mon, Apr 26, 2010 at 8:04 PM, <itguy.pro_at_gmail.com> wrote:

> Use netstat
>
>
> Sent via BlackBerry from T-Mobile
>
> -----Original Message-----
> From: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
> Date: Mon, 26 Apr 2010 09:53:11
> To: <security_at_groupstudy.com>
> Cc: <ccielab_at_groupstudy.com>
> Subject: OT : Please Help Security Guys ! (Backdoor issue)
>
> Hi,
>
> Here we are facing an issue with a backdoor that uses https to send
> information from machines to the internet (Turkey and Denmark - 78.189.194.126,
> 93.160.202.224). The issue is that we have cleaned these machines with all
> antivirus we know, but the machines keep sending https traffic and we do not
> know how to get to the application (backdoor) that is sending our
> information to Turkey and Denmark. These machines are already isolated.
>
> Do you know a Windows tool so that I can get which application is using a
> specific destination protocol? I mean, WinMail.exe sends pop3 and smtp to
> the internet; now I need to know which application is sending https traffic
> to the Internet from these machines.
>
> Thanks a lot,
>
> Warm regards
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Mon Apr 26 2010 - 14:57:32 ART
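
An added example, not part of the original thread: one way to apply the netstat suggestion is to join `netstat -ano` (which prints the owning PID of each connection) with `tasklist /FO CSV /NH` and list every process holding a connection to remote port 443, flagging the two addresses named in the original message. The function names and the sample output are constructed for illustration.

```python
import csv, io, subprocess

# Destination addresses reported in the original message.
SUSPECT_IPS = {"78.189.194.126", "93.160.202.224"}

def parse_netstat(text):
    """Yield (remote_ip, remote_port, pid) for each TCP row of `netstat -ano`."""
    for line in text.splitlines():
        parts = line.split()  # Proto, Local, Foreign, State, PID
        if len(parts) != 5 or parts[0].upper() != "TCP":
            continue  # skips headers and UDP rows, which carry no state column
        remote_ip, _, remote_port = parts[2].rpartition(":")
        if remote_port.isdigit() and parts[4].isdigit():
            yield remote_ip.strip("[]"), int(remote_port), int(parts[4])

def parse_tasklist(csv_text):
    """Map PID -> image name from `tasklist /FO CSV /NH` output."""
    rows = csv.reader(io.StringIO(csv_text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def https_owners(netstat_text, tasklist_csv, suspects=SUSPECT_IPS):
    """Return sorted (image, pid, remote_ip, flagged) for connections to remote port 443."""
    names = parse_tasklist(tasklist_csv)
    hits = {(names.get(pid, "<unknown>"), pid, ip, ip in suspects)
            for ip, port, pid in parse_netstat(netstat_text) if port == 443}
    return sorted(hits)

# Constructed sample output, not captured from the machines in the thread.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    10.0.0.5:49212         78.189.194.126:443     ESTABLISHED     3104
  TCP    10.0.0.5:49230         192.0.2.10:443         TIME_WAIT       0
  TCP    10.0.0.5:49231         192.0.2.25:110         ESTABLISHED     2216
  UDP    0.0.0.0:500            *:*                                    884
"""
SAMPLE_TASKLIST = ('"svchost.exe","884","Services","0","9,120 K"\n'
                   '"WinMail.exe","2216","Console","1","30,412 K"\n'
                   '"example.exe","3104","Console","1","4,880 K"\n')

if __name__ == "__main__":
    run = lambda *cmd: subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    try:  # live data on Windows; fall back to the constructed sample elsewhere
        ns, tl = run("netstat", "-ano"), run("tasklist", "/FO", "CSV", "/NH")
    except (OSError, subprocess.CalledProcessError):
        ns, tl = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    for image, pid, ip, flagged in https_owners(ns, tl):
        print(f"{image:<20} pid={pid:<6} -> {ip}:443 {'<-- reported address' if flagged else ''}")
```

netstat is a point-in-time snapshot, so a process that connects only briefly may need repeated sampling, and TIME_WAIT rows show PID 0 because the owning process has already released the socket.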

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART