Thread: This guy is sending virii like the plague..

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    13

    This guy is sending virii like the plague..

    http://65.179.32.23:8180

    It's some sort of trojan, not sure which, hidden behind the facade of "Browser plugin required please download..." I'd like to find this guy's ISP and send them a nice email. Anyone want to teach this newbie how?

    ~DW~

  2. #2
    Banned
    Join Date
    Sep 2001
    Posts
    68
    65.179.32[1].htm [ 501 bytes ]
    Virus Name: Trojan Horse
    Infects: .EXE files
    Likelihood: Rare
    Length: 1234 bytes
    Dunno about NAV's naming of it
    I've never submitted something to SARC before...

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    I used www.arin.net
    Got the ISP, Sprint, and I sent them an email. I'm sure they will handle it.
    How did you find this IP address?
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.

  4. #4
    Junior Member
    Join Date
    Dec 2001
    Posts
    13
    The virus sends itself out through AOL Instant Messenger. I'm sure it's infected hundreds upon hundreds of people by now. My antivirus picked it up as well, but one of my friends wasn't quite so lucky. If anyone has any idea which trojan it is, please tell me so I can tell her so we can get it removed.

    Thanks
    ~DW~

  5. #5
    The virus is w32.aplore@mm. The aplore, I believe, is a trojan, and a common one at that. Don't touch the file; maybe you can do a whois or something like that, or use neotrace to trace it back to one of the last routers and find the ISP that way. Good luck stopping him, and remember to make sure not to touch that trojan.
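
Added example, not part of any post in this thread: the ARIN WHOIS lookup that posts #3 and #5 describe, as a script that reads a WHOIS reply and pulls out the network owner and the abuse address to report to. The sample reply, the 192.0.2.0/24 documentation range, the organisation and the function names are constructed for illustration.

```python
import socket

# Constructed sample in the layout of an ARIN WHOIS reply (not real registry data).
SAMPLE_REPLY = """\
# Comment lines in the reply start with '#'

NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        EXAMPLE-NET
OrgName:        Example ISP, Inc.
OrgId:          EXAMPLE-1

OrgAbuseHandle: ABUSE0-EXAMPLE
OrgAbuseEmail:  abuse@isp.example
OrgTechEmail:   noc@isp.example
"""

def whois_query(ip, server="whois.arin.net", port=43, timeout=10):
    """Send one WHOIS query (RFC 3912: query line, then read until close)."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines, skipping comments; repeated keys keep all values."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first ':' only
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def abuse_contact(text):
    """Return what an abuse report needs: network, owner, and where to send it."""
    f = parse_whois(text)
    first = lambda k: f.get(k, [None])[0]
    return {
        "range": first("NetRange"),
        "org": first("OrgName"),
        "abuse_email": first("OrgAbuseEmail") or first("OrgTechEmail"),
        "referral": first("ReferralServer"),  # set when another registry holds the record
    }

if __name__ == "__main__":
    print(abuse_contact(SAMPLE_REPLY))
```

For a live lookup, pass the output of `whois_query(ip)` to `abuse_contact`; if `referral` is set, repeat the query against that server before writing to anyone.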

  6. #6

  7. #7
    Lol, and one more thing. NAV needs to update those likelihood ratings, I have seen many people infected with aplore on IRC recently, 'cuz I have one of those aplore scanners. They seriously should, maybe something like, um, extremely common, or not rare at all.

  8. #8
    Banned
    Join Date
    Sep 2001
    Posts
    68

    Thumbs up

    My first post has the default-style data about the unknown Trojan that the Bloodhound tech. detected, so it's not correct.

    The Symantec Security Response has Distribution: High
