Announce: kuang2.pl (honeyd script)

[Klaus Steding-Jessen <jessen () nic br>]

[from the README]

Description

   kuang2.pl is a Honeyd module that emulates the backdoor installed
   by the Kuang2 virus.  It saves uploaded files and also logs
   attempts to use Kuang2 backdoor commands, like file download,
   execution, deletion, etc.


Availability

   The latest version of kuang2.pl is available from
   http://www.honeynet.org.br/tools/


Additional information

   Nowadays several bots and other malware are using existing Kuang2
   infected machines to spread.  Being able to capture these uploaded
   files is a good way to get new specimens to study as well as
   keeping AV vendors up to date with their signatures.  Additional
   information about Kuang2 and Spybots is available at:

   * Virus Profile
     http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10213

   * Internet Storm Center -- port 17300/tcp details
     http://isc.incidents.org/port_details.html?port=17300

   * Milkit: An Innovator of Old Technology
     http://www.lurhq.com/sig-milkit.html

   * Worm.P2P.SpyBot
     http://www.viruslist.com/eng/viruslist.html?id=60639


Have fun,
Klaus.