Here's trouble -- Was: [Does bind send email?]
Alan Clegg
aclegg at isc.org
Fri Jul 9 11:25:07 UTC 2010
For those of you that don't follow bind-users closely, this is a bit of
troubling news. I'm not surprised that a "bad guy" would masquerade his
malware as BIND, but to actually see it documented is sad.
AlanC
-------- Original Message --------
Subject: Re: Does bind send email?
Date: Fri, 9 Jul 2010 12:18:07 +0100
From: tomasz dereszynski <tomaszd at paraklet.net>
To: Alan Clegg <aclegg at isc.org>
CC: bind-users at lists.isc.org
> On 7/9/2010 4:57 AM, Chiesa Stefano wrote:
>
>> "27/05/2010 17.06.32 1094 C:\bind\bin\named.exe Protezione
>> antivirus standard:Impedisci a worm distribuiti tramite mass-mailing di
>> inviare messaggi 93.49.247.253:25"
>>
>> (translated from italian: Prevent mass mailing worms from sending mail).
>>
>> What is strange is the blocked process: C:\bind\bin\named.exe (our
>> Windows 2003 Bind 9.6.0-P1 installation).
>>
>> So, does bind send email?
>
> BIND does not send e-mail. I'd be curious if you have any way of
> telling exactly what the trigger was for the "anti-virus" code.
>
> BTW, as I'm sure someone else will if I don't, please start new threads
> by sending a new e-mail to bind-users@ and not by replying to another
> already in-progress thread.
>
> AlanC
check below link
apparently viruses (some) hide themselves behind that name/process.
http://www.file.net/process/named.exe.html
mind you, it might be something else ...
--
bEsT rEgArDs | "Confidence is what you have before you
tomasz dereszynski | understand the problem." -- Woody Allen
|
Spes confisa Deo | "In theory, theory and practice are much
numquam confusa recedit | the same. In practice they are very
| different." -- Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100709/9b5b1b16/attachment.bin>
More information about the bind-users
mailing list