Educause Security Discussion mailing list archives

Re: Recent Gaobot event


From: David Escalante <david.escalante () BC EDU>
Date: Thu, 16 Dec 2004 20:53:29 -0500

FWIW, a couple extra details:

- if you look up the article, there are a couple points where the
student writing the article got very confused and got things wrong, so
don't believe everything in it

- we also found 2 new SDbot variants in the past couple weeks doing the
same thing, submitted them to our A/V vendor, and hopefully they'll be
in the new signature files soon if they aren't already (we have
supplemental files for them now)

- what troubles me about this is at least 3 new variants have displayed
this behavior, and the attacks on the domain controllers seem to have
been "cloaked" behind massive host and port scanning taking place from
other infected/bot'ed computers at the same time; on this basis I would
suggest that if you notice that bot'ed machines are doing something
aggressive on your campus, it would be wise to look a little deeper and
see if there's something else potentially more serious going on in the
background as well
--
Dave Escalante
Boston College

Gordon D. Wishon wrote:

Is anyone else seeing any evidence of this on their campus?  Like
Boston College, we've been hit with this within the past two weeks,
and at one point the traffic generated by machines attempting to phone
home seriously affected our network performance.


_Virus Steals Student Passwords:_ Boston College's campus network was
hit by a virus that forced computers to guess at passwords that would
provide access to other linked machines.
/The Heights/


Curiously, we've found little discussion of this elsewhere.

Gordon

********** Participation and subscription information for this
EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/groups/.
