Snort mailing list archives
Re: Malware Identified (window size 55808)
From: Jeff Nathan <jeff () snort org>
Date: Sun, 22 Jun 2003 13:37:33 -0700
(Oops, I replied to the wrong thread last time)

ISS's work was based on a paper written by Dave Meltzer. Meltzer, being the individual who discovered the Linux binaries in the wild, has already said the binaries he found do not match the behavior of the traffic we've all been seeing. In other words, they're A source, not THE source.

-Jeff

--On Saturday, June 21, 2003 12:14:08 -0400 Michael Wright <michael.wright () som com> wrote:

> http://www.eweek.com/article2/0,3959,1132253,00.asp
>
> Finally the bug has been identified, whose only known signature was a window size of 55808. First dubbed a Trojan, it has been downgraded to a "mapping tool." It carries no payload, therefore is not immediately dangerous (but appears to be easily upgraded with additional code). It appears that it currently infects only Linux boxes but again, could be easily upgraded with additional code.
>
> --
> Regards,
> Michael Wright
> http://mcwresearch.com
> PGP Key ID: 0x4DCFCE57
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
http://cerberus.sourcefire.com/~jeff (pgp key available)
"Great spirits have always encountered violent opposition from mediocre minds." - Albert Einstein
Current thread:
- Malware Identified (window size 55808) Michael Wright (Jun 21)
- Re: Malware Identified (window size 55808) Jeff Nathan (Jun 22)