Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Port 17300 probes?

From: Joris De Donder <joris () digitaldefense be>
Date: Tue, 15 Apr 2003 20:38:55 +0200


if you have any
information on why this scanning is being seen in an increasing number,
that would be appreciated (the tool that does the scanning perhaps?)


http://members.lycos.co.uk/ircspybot/


From the readme.txt:


   "Date: 08:04:2003
   Fixed the kuang spreader

   Date: 05:04:2003
   Features:
   - HTTP server
   [...]
   - Port scanner
   - Syn flooder
   - Kuang2 and sub7 spreader
   [...]"

Also last year (in august I think) a new client was released for the Kuang
trojan.

From a post on trojanforge.net:

   "This new client will allow you to scan for kuang servers and
   automatically update the server from a url that you specify. You can
   either use the built in scanner or load an external list of ip
   addresses."



Joris



----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: