[Snort-users] Malware Identified (window size 55808)

Jeff Nathan jeff at ...950...
Sun Jun 22 13:38:02 EDT 2003



(Oops, I replied to the wrong thread last time)

ISS's work was based on a paper written by Dave Meltzer.  Meltzer, being 
the individual who discovered the Linux binaries in the wild, has already 
said the binaries he found do not match the behavior of the traffic we've 
all been seeing.

In other words, they're A source, not THE source.

-Jeff

--On Saturday, June 21, 2003 12:14:08 -0400 Michael Wright 
<michael.wright at ...9533...> wrote:

> http://www.eweek.com/article2/0,3959,1132253,00.asp
>
> Finally the bug has been identified, whose only known signature was a
> window size of 55808.  First dubbed a Trojan, it has been downgraded to a
> "mapping tool."  It carries no payload, therefore is not immediately
> dangerous (but appears to be easily upgraded with additional code).
>
> It appears that it currently infects only Linux boxes but again, could be
> easily upgraded with additional code.
>
>
> --
> Regards,
>
> Michael Wright
>
> http://mcwresearch.com
>
> PGP Key ID:  0x4DCFCE57
>


--
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
minds."
- Albert Einstein
    




