[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] KIBUV.B or variant?

To: mike king <ngiles@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] KIBUV.B or variant?
From: Michel Arboi <michel.arboi@xxxxxxxxx>
Date: Wed, 25 May 2005 09:52:33 +0200

On 25/05/05, mike king <ngiles@xxxxxxxxxxxx> wrote:
> this is not at all uncommon. so chances are its the same program just tweaked.

Thanks Mike. Another point: on some machines infected by the same
nasty beast, there is a second FTP server on a high port. The banners
look like ProFTPD (with miscellaneous version numbers) but the servers
are probably not ProFTPD: they allow commands before login, and answer
to a limited set of commands and freeze on common things like "cd .."
Anybody have seen this?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] KIBUV.B or variant?
  - From: mike king

Prev by Date: [Full-disclosure] Miva Merchant 4.x Tax Calculation Bypass Vulnerability w/ PoC
Next by Date: Re: [Full-disclosure] XSS in Sambar Server version 6.2
Previous by thread: Re: [Full-disclosure] KIBUV.B or variant?
Next by thread: [Full-disclosure] CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability
Index(es):
- Date
- Thread