|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Port 17300 probes?
From: Joe Stewart (jstewart
lurhq.com)
Date: Tue Apr 15 2003 - 16:18:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
We've found the source of the recent port 17300 probes, and have done
a quick analysis. Basically there is a trojan being propagated to hosts that
are already infected with SubSeven or Kuang2_the_Virus, and they have
the capability to scan and auto-infect new hosts on command.
Analysis is here:
http://www.lurhq.com/sig-milkit.html
--
Joe Stewart, GCIH
Senior Intrusion Analyst
LURHQ Corporation
http://www.lurhq.com/
----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the
world's premier event for IT and network security experts. The two-day
Training features 6 hand-on courses on May 12-13 taught by professionals.
The two-day Briefings on May 14-15 features 24 top speakers with no vendor
sales pitches. Deadline for the best rates is April 25. Register today to
ensure your place. http://www.securityfocus.com/BlackHat-incidents
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]