> I have trouble believing someone would go to the trouble of collecting
> compromised hosts and then waste them stealthily scanning for
> vulnerabilities which even inattentive admins are likely to have patched
> and will trigger any halfway decent IDS but a quick google didn't turn up
> anything much.
> Does anyone know what might be causing this?

People do collect infected hosts for use with ddos nets or machines to bounce from.
I still get valid code red hits almost daily which means alot of people still haven't
patched. I would find it very probable someone is collecting infected/backdoored hosts
for use in a ddos. Its very easy to upload a trojan and gain full access to these machines
so I don't understand why people wouldn't be scanning.

- zenocgisecurity.com

>
> Chris
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]