Security Incidents mailing list archives

RE: Increased Kuang2 activity

From: "Baklarz, Ron" <BaklarzR () usa redcross org>
Date: Mon, 10 Feb 2003 15:01:54 -0500

FWIW There is a check for this beastie in Nessus under 'Backdoors' The
nessus Plugin ID is 10132.

Ron Baklarz  CISSP, GSEC
Chief Information Security Officer
The American Red Cross

8111 Gatehouse Road
Falls Church, VA 22042

Phone: 703-206-7279  
Pager:  877-594-3354



-----Original Message-----
From: Jennifer Fountain [mailto:JFountain () rbinc com] 
Sent: Monday, February 10, 2003 12:00 PM
To: Logan F.D. Greenlee; Jason Dixon; incidents () securityfocus com
Subject: RE: Increased Kuang2 activity

Here is some information I found on the trojan:

http://www.glocksoft.com/trojan_list/Kuang2_the_virus.htm
http://cert.uni-stuttgart.de/archive/intrusions/2002/07/msg00059.html
http://www.iss.net/security_center/static/4074.php

according to iss, 98/95 are affected.  



Thank you
Jenn Fountain



-----Original Message-----
From: Logan F.D. Greenlee [mailto:lgreenlee () ciretose net]
Sent: Monday, February 10, 2003 11:46 AM
To: Jason Dixon; incidents () securityfocus com
Subject: RE: Increased Kuang2 activity


Does anyone have any information on what the kuang2 trojan does, and
what systems are vulnerable? My brief googling has only returned links
to the Trojan itself.

Thanks,
Logan

-----Original Message-----
From: Jason Dixon [mailto:jasondixon () myrealbox com] 
Sent: Sunday, February 09, 2003 7:01 PM
To: incidents () securityfocus com
Subject: Increased Kuang2 activity

I've noticed a large increase of activity to port 17300 hitting my
firewall over the last 3 days, from various sources.  Googling relates
this port to the kuang2 trojan.  Has anyone else seen this?  Anything
else this might be attributed to?

TIA,
J.




------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

Increased Kuang2 activity Jason Dixon (Feb 10)
- Re: Increased Kuang2 activity Johannes Ullrich (Feb 10)
- <Possible follow-ups>
- RE: Increased Kuang2 activity Logan F.D. Greenlee (Feb 10)
  - RE: Increased Kuang2 activity Jason Dixon (Feb 10)
  - RE: Increased Kuang2 activity Rev. Kronovohr (Feb 10)
- RE: Increased Kuang2 activity Jennifer Fountain (Feb 10)
- RE: Increased Kuang2 activity davec (Feb 10)
- RE: Increased Kuang2 activity Logan F.D. Greenlee (Feb 10)
  - RE: Increased Kuang2 activity James C Slora Jr (Feb 10)
    - Re: Increased Kuang2 activity Kurt Seifried (Feb 10)
- RE: Increased Kuang2 activity Baklarz, Ron (Feb 10)
- RE: Increased Kuang2 activity James C Slora Jr (Feb 10)
- RE: Increased Kuang2 activity Thierry Zoller (Feb 10)