Here's trouble -- Was: [Does bind send email?]

Alan Clegg aclegg at isc.org
Fri Jul 9 11:25:07 UTC 2010 

For those of you that don't follow bind-users closely, this is a bit of
troubling news.  I'm not surprised that a "bad guy" would masquerade his
malware as BIND, but to actually see it documented is sad.

AlanC

-------- Original Message --------
Subject: Re: Does bind send email?
Date: Fri, 9 Jul 2010 12:18:07 +0100
From: tomasz dereszynski <tomaszd at paraklet.net>
To: Alan Clegg <aclegg at isc.org>
CC: bind-users at lists.isc.org


> On 7/9/2010 4:57 AM, Chiesa Stefano wrote:
>
>> "27/05/2010	17.06.32 1094  C:\bind\bin\named.exe Protezione
>> antivirus standard:Impedisci a worm distribuiti tramite mass-mailing di
>> inviare messaggi	93.49.247.253:25"
>>
>> (translated from italian: Prevent mass mailing worms from sending mail).
>>
>> What is strange is the blocked process: C:\bind\bin\named.exe (our
>> Windows 2003 Bind 9.6.0-P1 installation).
>>
>> So, does bind send email?
>
> BIND does not send e-mail.  I'd be curious if you have any way of
> telling exactly what the trigger was for the "anti-virus" code.
>
> BTW, as I'm sure someone else will if I don't, please start new threads
> by sending a new e-mail to bind-users@ and not by replying to another
> already in-progress thread.
>
> AlanC

check below link
apparently viruses (some) hide themselves behind that name/process.
http://www.file.net/process/named.exe.html

mind you, it might be something else ...

-- 

bEsT rEgArDs            |       "Confidence is what you have before you
tomasz dereszynski      |       understand the problem." -- Woody Allen
                        |
Spes confisa Deo        |       "In theory, theory and practice are much
numquam confusa recedit |       the same. In practice they are very
                        |       different." -- Albert Einstein


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100709/9b5b1b16/attachment.bin>

More information about the bind-users mailing list