|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] KIBUV.B or variant?
From: Michel Arboi (michel.arboi
gmail.com)
Date: Wed May 25 2005 - 02:52:33 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 25/05/05, mike king <ngileshushmail.com> wrote:
> this is not at all uncommon. so chances are its the same program just tweaked.
Thanks Mike. Another point: on some machines infected by the same
nasty beast, there is a second FTP server on a high port. The banners
look like ProFTPD (with miscellaneous version numbers) but the servers
are probably not ProFTPD: they allow commands before login, and answer
to a limited set of commands and freeze on common things like "cd .."
Anybody have seen this?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]