Penetration Testing mailing list archives
found kuang2thevirus remote tool
From: John Public <johnqpublic2323 () yahoo com>
Date: Thu, 5 Jun 2003 05:59:00 -0700 (PDT)
Hi, I posted earlier asking for help finding this tool but someone has already sent me an earlier version that seems to work. As soon as I am done with immediate concerns I will reverse the protocol and write an open source client for this thing. Apparently the kuang2 virus/trojan infects exe files as a virus, but also binds tcp port 17300 listening for remote control/update information without authentication. I have seen first hand that Korea has a pandemic situation with this, and have tens of thousands of infected systems that attackers are actively using as a part of irc-controlled bot nets. thanks, jqp __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- found kuang2thevirus remote tool John Public (Jun 06)