Educause Security Discussion mailing list archives
"Stealth" Agobot/Gaobot?
From: Jeff Kell <jeff-kell () UTC EDU>
Date: Tue, 27 Apr 2004 16:41:29 -0400
Twice today I have seen indications of Agobot infections. As has been my usual procedure, I nmap the beast, try nbtscan for NetBIOS info, then shut down the port. But nmap indicates nothing other than 135/139/1025 and the scanning stops. Is this a new "stealth bot" that shuts down or sleeps for awhile if it detects a scan? This is getting creepy. Jeff Kell University of Tennessee at Chattanooga ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- "Stealth" Agobot/Gaobot? Jeff Kell (Apr 27)
- <Possible follow-ups>
- Re: "Stealth" Agobot/Gaobot? Mark Wilson (Apr 27)
- Re: "Stealth" Agobot/Gaobot? Brian Eckman (Apr 27)
- Re: "Stealth" Agobot/Gaobot? Brian Eckman (Apr 29)