Security Incidents mailing list archives
Re: Distributed MSADC/root.exe scans
From: zeno <bugtraq () cgisecurity net>
Date: Mon, 25 Feb 2002 08:38:27 -0500 (EST)
I have trouble believing someone would go to the trouble of collecting compromised hosts and then waste them stealthily scanning for vulnerabilities which even inattentive admins are likely to have patched and will trigger any halfway decent IDS but a quick google didn't turn up anything much. Does anyone know what might be causing this?
People do collect infected hosts for use with ddos nets or machines to bounce from. I still get valid code red hits almost daily which means alot of people still haven't patched. I would find it very probable someone is collecting infected/backdoored hosts for use in a ddos. Its very easy to upload a trojan and gain full access to these machines so I don't understand why people wouldn't be scanning. - zeno () cgisecurity com
Chris ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Distributed MSADC/root.exe scans Chris Adams (Feb 23)
- <Possible follow-ups>
- Re: Distributed MSADC/root.exe scans zeno (Feb 25)