RE: Increased Kuang2 activity

["Logan F.D. Greenlee" <lgreenlee () ciretose net>]

According to the information out there port 17300 is the control port
for the Trojan. Also, the only way that this Trojan can be installed is
via user interaction with an executable containing the virus. The virus
is also very old, 1999. I would suspect that this is "just" an attempt
by someone to check and see if there are any hosts out there that are
still infected.

-Logan 

-----Original Message-----
From: H C [mailto:keydet89 () yahoo com] 
Sent: Monday, February 10, 2003 1:26 PM
To: incidents () securityfocus com
Subject: RE: Increased Kuang2 activity

> Does anyone have any information on what the kuang2 
> trojan does, and what systems are vulnerable?

Maybe you stopped too soon...the first link from
Googling returned:

"Works on Windows 95 and 98. It can infect files on a
Windows NT machine, but the server program is not
correctly installed."

ISS's X-Force says:
http://www.iss.net/security_center/static/4074.php




__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com