Results 1 to 5 of 5

Thread: What is this thing?

  1. #1
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    636

    Question What is this thing?

    Today, while browsing around AO and looking at the hack attempts log, i saw this:

    Activity: Qaz_Command
    Source IP: 63.108.181.201 Source Port: 80
    Destination IP: 211.100.0.34 Destination Port: 7597
    Date & Time Code: 20011207190012

    What the hell is a Qaz_Command? I have never seen an attempt of this kind made against AO. I'm just curious, as I have pretty much figured out what the other attempts have been, and have never seen this thing before...

    Just learning

    Ouroboros
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  2. #2
    Senior Member
    Join Date
    Jul 2001
    Location
    USA
    Posts
    355

    Cool

    Quit asking zelda..... Who knows
    \"SI JE PUIS\"

  3. #3
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    636

    ?

    Originally posted by thor
    Quit asking zelda..... Who knows
    but anyways...
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  4. #4
    Senior Member
    Join Date
    Jul 2001
    Location
    USA
    Posts
    355

    Post

    The old game Zelda....calm down man I was just joking I haven't seen this in the log's before either...
    \"SI JE PUIS\"

  5. #5
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    I found this on F-Secure's site...it's on other places too:

    (snip)
    This is network worm with backdoor capabilities, which spreads itself under Win32 systems. The worm was reported in-the-wild in July-August, 2000. The worm itself is Win32 executable file and about 120K long, written in MS Visual C++.

    When an infected file is executed, the worm registers itself in Windows registry in auto-start section:


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    startIE = "filename qazwsx.hsq"

    where "filename" is the name of worm's file (usually this is "Notepad.exe", see below). As a result, the worm will be activated each time Windows starts up.
    (/snip)
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •