Security Incidents mailing list archives

Re: Distributed MSADC/root.exe scans


From: zeno <bugtraq () cgisecurity net>
Date: Mon, 25 Feb 2002 08:38:27 -0500 (EST)

I have trouble believing someone would go to the trouble of collecting
compromised hosts and then waste them stealthily scanning for
vulnerabilities which even inattentive admins are likely to have patched
and will trigger any halfway decent IDS, but a quick Google didn't turn up
anything much.
Does anyone know what might be causing this?


People do collect infected hosts for use with DDoS nets or machines to bounce from.
I still get valid Code Red hits almost daily, which means a lot of people still haven't
patched. I would find it very probable someone is collecting infected/backdoored hosts
for use in a DDoS. It's very easy to upload a trojan and gain full access to these machines,
so I don't understand why people wouldn't be scanning.

- zeno () cgisecurity com




Chris



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com



