• malware using the wconline as a server

    From BILLY SCHWARZ@1:124/5013 to All on Thu Jan 31 19:18:36 2019
    Date: Tue, 10 Oct 2006 13:53:51 -0400
    From: BILLY SCHWARZ
    To: HECTOR SANTOS
    Subject: malware using the wconline as a server
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1160502831.46.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 13

    I have up graded our ecommerce server to the 6.1 Monday october 9, 2006 I noticed that it had a lot of traffic.

    The malware is written to use the wconline to broadcast ad's to who knows where. As of today I have not found the program.

    I can block the wconline with the fire wall and it will stop.

    None of your other servers running an earlier update seem to be affected


    Billy Schwarz
    sysop@hightecproductions.com
    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)
  • From HECTOR SANTOS@1:124/5013 to All on Thu Jan 31 19:18:36 2019
    Date: Thu, 12 Oct 2006 03:27:07 -0400
    From: HECTOR SANTOS
    To: BILLY SCHWARZ
    Subject: RE: malware using the wconline as a server
    Newsgroups: win.server.smtp.&.avs
    Message-ID: <1160638027.46.1160502831@winserver.com>
    References: <1160502831.46.0@winserver.com>
    X-WcMsg-Attr: Rcvd
    X-Mailer: Wildcat! Interactive Net Server v7.0.454.5
    Lines: 23

    Make sure you TURN off the HTTP PROXY in WEB SERVER SETUP and restart WCONLINE.



    On 10/10/06 1:53 PM, BILLY SCHWARZ wrote to HECTOR SANTOS:

    I have up graded our ecommerce server to the 6.1 Monday october 9,
    2006 I
    noticed that it had a lot of traffic.

    The malware is written to use the wconline to broadcast ad's to who knows where. As of today I have not found the program.

    I can block the wconline with the fire wall and it will stop.

    None of your other servers running an earlier update seem to be affected


    Billy Schwarz
    sysop@hightecproductions.com


    --- Platinum Xpress/Win/WINServer v3.1
    * Origin: Prison Board BBS Mesquite Tx //telnet.RDFIG.NET www. (1:124/5013)