Full Disclosure mailing list archives
Re: ftp worm ?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 16 Jan 2004 13:23:07 +1300
Robert Perriero <perrieror1 () mail montclair edu> wrote:
I would be willing to bet that this is a modified "pub scanner". Similar to the apache exploit posted, it appears as if it attempts to connect to machines using known user accounts and passwords. It probably isn't a worm, but rather someone behind a keyboard attempting to find a place to store warez.
Your knowledge of pubstro is a tad out of date. Many pubstro kits have, for ages, included various kinds of vulnerability scanners. More recently (like at least 18 months ago?) semi-automatic "find the next victim" features were also being added to some pubstro kit, culminating in at least some fully automated, self-spreading pubstro agents. In most people's mind, that makes them worms... I agree that the detects could be evidence of such scanning. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ftp worm ? Mike Tancsa (Jan 06)
- Re: ftp worm ? daniel uriah clemens (Jan 06)
- Re: ftp worm ? Robert Perriero (Jan 15)
- Re: ftp worm ? Robert Perriero (Jan 15)
- Re: ftp worm ? Nick FitzGerald (Jan 15)