Full Disclosure mailing list archives
ISS Security Brief: "Stumbler" Distributed Stealth Scanning Network (fwd)
From: "Peter E. Johnson" <rottz () securityflaw com>
Date: Fri, 20 Jun 2003 01:07:27 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This advisory isn't as good as intrusec's but the snort rule for 'Tron' is helpful to detect infected hosts.

alert tcp any any -> 12.108.65.76/32 22 (msg:"Stumbler Trojan";)

Intrusec's Advisory:
http://www.intrusec.com/55808.html

- ---------- Forwarded message ----------
Date: Thu, 19 Jun 2003 23:52:16 -0400 (EDT)
From: X-Force <xforce () iss net>
To: alert () iss net
Subject: ISS Security Brief: "Stumbler" Distributed Stealth Scanning Network

- --[PinePGP]--------------------------------------------------[begin]--
Internet Security Systems Security Alert
June 19, 2003

"Stumbler" Distributed Stealth Scanning Network

Synopsis:

X-Force has been tracking reports of suspicious and widespread Internet traffic with a TCP Window size of 55808. A substantial amount of traffic captured from sites around the world point to a new distributed port scanning system. X-Force has analyzed malware that appears to be a client capable of scanning and receiving network mapping data from other similar clients distributed across the Internet. X-Force has named this malware, "Stumbler".

For the complete ISS X-Force Security Alert, please visit:
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22441

______

About Internet Security Systems (ISS)

Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East.

Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved worldwide.

Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email xforceiss.net for permission.

Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force xforceiss.net of Internet Security Systems, Inc.

- --[PinePGP]-----------------------------------------------------------
gpg: Signature made Thu 19 Jun 2003 11:50:27 PM EDT using RSA key ID 7DF5E1BD
gpg: Good signature from "X-Force <xforce () iss net>"
gpg: Fingerprint: AB 47 94 77 68 8F 75 94 73 28 87 51 39 97 FB F8
- --[PinePGP]----------------------------------------------------[end]--
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+8paUX3lbyIti9jYRAgzaAJ4+XFR72X7A+DokbB3OMdj1w6ceRgCfXTJs
D8LDK95CM2VtyLym/pPB/kk=
=oQUX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
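
Added example, not part of the original post or the ISS alert: a small Python check that applies the two indicators quoted above (the TCP window size of 55808 from the alert, and the destination 12.108.65.76 port 22 from the Snort rule) to raw IPv4 packets. The function names, the indicator labels and the sample packets are assumptions constructed for illustration; a window value on its own is a heuristic and can match unrelated traffic.

```python
import socket
import struct

STUMBLER_WINDOW = 55808            # TCP window size named in the ISS alert
RULE_DST = ("12.108.65.76", 22)    # destination in the Snort rule from the post

def indicators(packet: bytes) -> list:
    """Return the page's indicators that a raw IPv4 packet matches."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []                              # not IPv4, or truncated
    ihl = (packet[0] & 0x0F) * 4               # IP header length incl. options
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 20:
        return []                              # not TCP, or TCP header cut short
    dst_ip = socket.inet_ntoa(packet[16:20])
    _sport, dport = struct.unpack_from("!HH", packet, ihl)
    (window,) = struct.unpack_from("!H", packet, ihl + 14)
    hits = []
    if window == STUMBLER_WINDOW:
        hits.append("window-55808")
    if (dst_ip, dport) == RULE_DST:
        hits.append("rule-destination")
    return hits

def build_packet(src, dst, sport, dport, window, ip_options=b""):
    """Constructed test input: minimal IPv4+TCP SYN headers, checksums left zero."""
    ihl_words = 5 + len(ip_options) // 4
    total_len = ihl_words * 4 + 20
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total_len, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, window, 0, 0)
    return ip + tcp

# Constructed sample traffic (documentation source addresses, not captured data).
SAMPLES = {
    "window": build_packet("192.0.2.10", "198.51.100.7", 40000, 80, 55808),
    "rule_dst": build_packet("192.0.2.10", "12.108.65.76", 40001, 22, 5840),
    "benign": build_packet("192.0.2.11", "198.51.100.7", 40002, 443, 65535),
    "ip_options": build_packet("192.0.2.12", "198.51.100.7", 40003, 25, 55808,
                               b"\x01" * 4),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, indicators(pkt))
```

The "ip_options" sample shows why the TCP offset is derived from the IP header length field: reading the window at a fixed offset would miss the match when IP options are present.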