RE: Increased Kuang2 activity

["Jennifer Fountain" <JFountain () rbinc com>]

Here is some information I found on the trojan:

http://www.glocksoft.com/trojan_list/Kuang2_the_virus.htm
http://cert.uni-stuttgart.de/archive/intrusions/2002/07/msg00059.html
http://www.iss.net/security_center/static/4074.php

according to iss, 98/95 are affected.  



Thank you
Jenn Fountain



-----Original Message-----
From: Logan F.D. Greenlee [mailto:lgreenlee () ciretose net]
Sent: Monday, February 10, 2003 11:46 AM
To: Jason Dixon; incidents () securityfocus com
Subject: RE: Increased Kuang2 activity


Does anyone have any information on what the kuang2 trojan does, and
what systems are vulnerable? My brief googling has only returned links
to the Trojan itself.

Thanks,
Logan

-----Original Message-----
From: Jason Dixon [mailto:jasondixon () myrealbox com] 
Sent: Sunday, February 09, 2003 7:01 PM
To: incidents () securityfocus com
Subject: Increased Kuang2 activity

I've noticed a large increase of activity to port 17300 hitting my
firewall over the last 3 days, from various sources.  Googling relates
this port to the kuang2 trojan.  Has anyone else seen this?  Anything
else this might be attributed to?

TIA,
J.




------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com