Full Disclosure mailing list archives
Re: KIBUV.B or variant?
From: Michel Arboi <michel.arboi () gmail com>
Date: Wed, 25 May 2005 09:52:33 +0200
On 25/05/05, mike king <ngiles () hushmail com> wrote:
this is not at all uncommon. so chances are its the same program just tweaked.
Thanks Mike. Another point: on some machines infected by the same nasty beast, there is a second FTP server on a high port. The banners look like ProFTPD (with miscellaneous version numbers) but the servers are probably not ProFTPD: they allow commands before login, and answer to a limited set of commands and freeze on common things like "cd .." Anybody have seen this? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- KIBUV.B or variant? Michel Arboi (May 24)
- <Possible follow-ups>
- Re: KIBUV.B or variant? mike king (May 24)
- Re: KIBUV.B or variant? Michel Arboi (May 25)