Fourth Forum I've Asked This Question In

#1 phoenix777

Posted 24 August 2007 - 04:37 PM

So about twice a day I get this weird alert on my Panda Titanium firewall saying a Network Virus has been blocked. Now not once has it shown as actually being on my system, and my HJT is clean as a whistle, but I can't find ANYTHING on the net about this alert other than a few pages in either Spanish or Portuguese vaguely referring to it as a Hack Tool (as best as I can translate).
The alert says Exploit/ICQPAM.
Does anyone have a CLUE as to why I keep getting this alert? I thought I was pretty good with security and analysis, but this one has me STUMPED.


Moved from the AntiVirus Forum. ~acklan~

Edited by acklan, 25 August 2007 - 02:42 AM.



#2 rowal5555

Posted 24 August 2007 - 04:58 PM

Hi phoenix777

Don't know if this will shed some light but you may care to check out the five types mentioned under the main block here:
http://translate.google.com/translate?hl=e...GL_enNZ206NZ208

Cheers

rowal5555 (Rob)


#3 phoenix777

Posted 24 August 2007 - 06:27 PM

OK, well, that's what I found, but it says not in circulation. Just weird looking to me.

#4 acklan

Posted 25 August 2007 - 02:38 AM

From my research you may have the "Witty" worm. This is a vulnerability in several Internet applications, in your case possibly the ICQ client.

The Witty worm spreads via a buffer overflow vulnerability in the Protocol Analysis Module (PAM) of several Internet Security Systems products. The PAM code that is responsible for performing information gathering on ICQ's instant messaging protocol suffers from a stack-based buffer overflow due to an insecure sprintf call.


Resource: ISS PAM/ICQ 'Witty' Worm Analysis
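An added illustration of the defect class the quoted analysis describes (an unbounded sprintf into a fixed stack buffer while handling an ICQ field) beside the bounded form a defender would expect instead. This is constructed example code, not the ISS PAM code and not from anyone in the thread; the function names, the 64-byte buffer and the sample fields are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed size of the log line a protocol analyser builds on the stack. */
#define LOG_BUF 64

/* Vulnerable pattern: sprintf knows nothing about the destination size,
 * so an ICQ field longer than the remaining space overwrites whatever
 * follows the buffer in the stack frame. Shown only with short input. */
void log_icq_user_unsafe(const char *user)
{
    char line[LOG_BUF];
    sprintf(line, "ICQ login from user %s", user);   /* no bound check */
    puts(line);
}

/* Hardened form: bound the write and treat truncation as a hard error.
 * snprintf returns the length it wanted to write; a value >= outlen means
 * the field did not fit, so the caller must reject it rather than log it.
 * Returns 0 when the line fit, -1 when it would have overflowed. */
int log_icq_user_safe(const char *user, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ICQ login from user %s", user);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* leave nothing half-written behind */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[LOG_BUF];
    /* Constructed sample fields: a normal UIN and an oversized one. */
    const char *normal = "12345678";
    char oversized[200];
    memset(oversized, 'A', sizeof(oversized) - 1);
    oversized[sizeof(oversized) - 1] = '\0';

    log_icq_user_unsafe(normal);      /* safe only because the input is short */
    printf("safe(normal)    = %d\n", log_icq_user_safe(normal, buf, sizeof buf));
    printf("safe(oversized) = %d\n", log_icq_user_safe(oversized, buf, sizeof buf));
    return 0;
}
```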

#5 phoenix777

Posted 25 August 2007 - 05:17 PM

OK, I see, so this is a worm trying to get in? Or do you think it might actually be in my system? Scans both in-system and offline aren't showing anything other than tracking cookies. Are you aware of any detection or removal method? Or should I have faith in my firewall when it keeps telling me it's not getting in? I mean, as far as I can tell from a look-up on Symantec, since I am not running an affected system (BlackICE or RealSecure) I should be safe. Did I interpret that accurately?

Edited by phoenix777, 25 August 2007 - 05:32 PM.
