Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: parishilton.scr SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
parishilton.scr
There's a new variant of SDBOT making the rounds, arriving via IM as a link to a file called parishilton.scr . Those few AV that already detect it, seem to call it Sdbot.XD.  Maybe a good moment to check your proxy logs to see who of your IM users clicked on it...
Daniel

367 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!