Security Incidents mailing list archives
RE: Increased Kuang2 activity
From: "Baklarz, Ron" <BaklarzR () usa redcross org>
Date: Mon, 10 Feb 2003 15:01:54 -0500
FWIW There is a check for this beastie in Nessus under 'Backdoors'. The Nessus Plugin ID is 10132.

Ron Baklarz CISSP, GSEC
Chief Information Security Officer
The American Red Cross
8111 Gatehouse Road
Falls Church, VA 22042
Phone: 703-206-7279
Pager: 877-594-3354

-----Original Message-----
From: Jennifer Fountain [mailto:JFountain () rbinc com]
Sent: Monday, February 10, 2003 12:00 PM
To: Logan F.D. Greenlee; Jason Dixon; incidents () securityfocus com
Subject: RE: Increased Kuang2 activity

Here is some information I found on the trojan:

http://www.glocksoft.com/trojan_list/Kuang2_the_virus.htm
http://cert.uni-stuttgart.de/archive/intrusions/2002/07/msg00059.html
http://www.iss.net/security_center/static/4074.php

According to ISS, 98/95 are affected.

Thank you
Jenn Fountain

-----Original Message-----
From: Logan F.D. Greenlee [mailto:lgreenlee () ciretose net]
Sent: Monday, February 10, 2003 11:46 AM
To: Jason Dixon; incidents () securityfocus com
Subject: RE: Increased Kuang2 activity

Does anyone have any information on what the kuang2 trojan does, and what systems are vulnerable? My brief googling has only returned links to the Trojan itself.

Thanks,
Logan

-----Original Message-----
From: Jason Dixon [mailto:jasondixon () myrealbox com]
Sent: Sunday, February 09, 2003 7:01 PM
To: incidents () securityfocus com
Subject: Increased Kuang2 activity

I've noticed a large increase of activity to port 17300 hitting my firewall over the last 3 days, from various sources. Googling relates this port to the kuang2 trojan. Has anyone else seen this? Anything else this might be attributed to?

TIA,
J.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Increased Kuang2 activity Jason Dixon (Feb 10)
- Re: Increased Kuang2 activity Johannes Ullrich (Feb 10)
- <Possible follow-ups>
- RE: Increased Kuang2 activity Logan F.D. Greenlee (Feb 10)
- RE: Increased Kuang2 activity Jason Dixon (Feb 10)
- RE: Increased Kuang2 activity Rev. Kronovohr (Feb 10)
- RE: Increased Kuang2 activity Jennifer Fountain (Feb 10)
- RE: Increased Kuang2 activity davec (Feb 10)
- RE: Increased Kuang2 activity Logan F.D. Greenlee (Feb 10)
- RE: Increased Kuang2 activity James C Slora Jr (Feb 10)
- Re: Increased Kuang2 activity Kurt Seifried (Feb 10)
- RE: Increased Kuang2 activity James C Slora Jr (Feb 10)
- RE: Increased Kuang2 activity Baklarz, Ron (Feb 10)
- RE: Increased Kuang2 activity James C Slora Jr (Feb 10)
- RE: Increased Kuang2 activity Thierry Zoller (Feb 10)