[Snort-users] Malware Identified (window size 55808)

Jeff Nathan jeff at ...950...
Sun Jun 22 13:38:02 EDT 2003

(Oops, I replied to the wrong thread last time)

ISS's work was based on a paper written by Dave Meltzer.  Meltzer, being 
the individual who discovered the Linux binaries in the wild, has already 
said the binaries he found do not match the behavior of the traffic we've 
all been seeing.

In other words, they're A source, not THE source.

-Jeff

--On Saturday, June 21, 2003 12:14:08 -0400 Michael Wright 
<michael.wright at ...9533...> wrote:

> http://www.eweek.com/article2/0,3959,1132253,00.asp
> Finally the bug has been identified, whose only known signature was a
> window size of 55808.  First dubbed a Trojan, it has been downgraded to a
> "mapping tool."  It carries no payload, therefore is not immediately
> dangerous (but appears to be easily upgraded with additional code).
> It appears that it currently infects only Linux boxes but again, could be
> easily upgraded with additional code.
> --
> Regards,
> Michael Wright
> http://mcwresearch.com
> PGP Key ID:  0x4DCFCE57

--
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
- Albert Einstein