Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] KIBUV.B or variant?
From: Michel Arboi (michel.arboigmail.com)
Date: Wed May 25 2005 - 02:52:33 CDT
On 25/05/05, mike king <ngileshushmail.com> wrote:
> this is not at all uncommon. so chances are its the same program just tweaked.
Thanks Mike. Another point: on some machines infected by the same
nasty beast, there is a second FTP server on a high port. The banners
look like ProFTPD (with miscellaneous version numbers) but the servers
are probably not ProFTPD: they allow commands before login, and answer
to a limited set of commands and freeze on common things like "cd .."
Anybody have seen this?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/