Honeypots mailing list archives
Announce: kuang2.pl (honeyd script)
From: Klaus Steding-Jessen <jessen () nic br>
Date: Mon, 7 Jun 2004 20:21:45 -0300
[from the README] Description kuang2.pl is a Honeyd module that emulates the backdoor installed by the Kuang2 virus. It saves uploaded files and also logs attempts to use Kuang2 backdoor commands, like file download, execution, deletion, etc. Availability The latest version of kuang2.pl is available from http://www.honeynet.org.br/tools/ Additional information Nowadays several bots and other malware are using existing Kuang2 infected machines to spread. Being able to capture these uploaded files is a good way to get new specimens to study as well as keeping AV vendors up to date with their signatures. Additional information about Kuang2 and Spybots is available at: * Virus Profile http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10213 * Internet Storm Center -- port 17300/tcp details http://isc.incidents.org/port_details.html?port=17300 * Milkit: An Innovator of Old Technology http://www.lurhq.com/sig-milkit.html * Worm.P2P.SpyBot http://www.viruslist.com/eng/viruslist.html?id=60639 Have fun, Klaus.
Current thread:
- Announce: kuang2.pl (honeyd script) Klaus Steding-Jessen (Jun 07)