Snort mailing list archives

Re: Malware Identified (window size 55808)


From: Jeff Nathan <jeff () snort org>
Date: Sun, 22 Jun 2003 13:37:33 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(Oops, I replied to the wrong thread last time)

ISS's work was based on a paper written by Dave Meltzer.  Meltzer, being 
the individual who discovered the Linux binaries in the wild, has already 
said the binaries he found do not match the behavior of the traffic we've 
all been seeing.

In other words, they're A source, not THE source.

- -Jeff

- --On Saturday, June 21, 2003 12:14:08 -0400 Michael Wright 
<michael.wright () som com> wrote:

http://www.eweek.com/article2/0,3959,1132253,00.asp

Finally the bug has been identified, whose only known signature was a
window size of 55808.  First dubbed a Trojan, it has been downgraded to a
"mapping tool."  It carries no payload, therefore is not immediately
dangerous (but appears to be easily upgraded with additional code).

It appears that it currently infects only Linux boxes but again, could be
easily upgraded with additional code.


--
Regards,

Michael Wright

http://mcwresearch.com

PGP Key ID:  0x4DCFCE57




-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


- --
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
minds."
- - Albert Einstein
    
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE+9hOREqr8+Gkj0/0RAka4AJ9EqeW2jUUtZ/7PMllJbdG6fu9NUwCeLCJc
6v/j6hONYsY8kMdZs46xbUE=
=ZsSU
-----END PGP SIGNATURE-----


