Full Disclosure mailing list archives

Re: KIBUV.B or variant?

From: Michel Arboi <michel.arboi () gmail com>
Date: Wed, 25 May 2005 09:52:33 +0200

On 25/05/05, mike king <ngiles () hushmail com> wrote:

this is not at all uncommon. so chances are its the same program just tweaked.


Thanks Mike. Another point: on some machines infected by the same
nasty beast, there is a second FTP server on a high port. The banners
look like ProFTPD (with miscellaneous version numbers) but the servers
are probably not ProFTPD: they allow commands before login, and answer
to a limited set of commands and freeze on common things like "cd .."
Anybody have seen this?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

KIBUV.B or variant? Michel Arboi (May 24)
- <Possible follow-ups>
- Re: KIBUV.B or variant? mike king (May 24)
  - Re: KIBUV.B or variant? Michel Arboi (May 25)