Snort mailing list archives
RE: New Blaster variant?
From: Security Admin <SecurityAdmin () aspentech com>
Date: Tue, 28 Oct 2003 21:35:46 -0500
Port 27347 is a sub 7 trojan port. The following worm is also known to use this port after infection through Kazza etc.....W32/Spybot.worm.gen. All I've heard is a variant where infected machines are found to be listening on port 707. This information is not confirmed yet and no AV vendors are reporting anything. Apparently no AV scanners have been able to detect this, it was discovered by an aware sys admin. I have only heard of 2 incidents of this in the last 24 hours. Patch your machines with MS03-039 and MS03-043 at a minimum and block ports at the firewall. -----Original Message----- From: Jim Brown [mailto:jpb () sixshooter v6 thrupoint net] Sent: Tuesday, October 28, 2003 3:49 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] New Blaster variant? * Bryan Oser <bryano () stratarc com> [2003-10-28 15:51]:
I've heard rumors of a new Blaster variant. Has anyone heard of this? Bryan Oser Network Manager STA Group
http://isc.incidents.org/port_details.html?port=27347 ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New Blaster variant? Bryan Oser (Oct 28)
- Re: New Blaster variant? Jim Brown (Oct 28)
- <Possible follow-ups>
- RE: New Blaster variant? Security Admin (Oct 28)
- Re: New Blaster variant? Jeff Kell (Oct 28)