[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] KIBUV.B or variant?
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>, <michel.arboi@xxxxxxxxx>
- Subject: Re: [Full-disclosure] KIBUV.B or variant?
- From: "mike king" <ngiles@xxxxxxxxxxxx>
- Date: Tue, 24 May 2005 20:42:24 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
the src code to these bots are traded around a great deal. most
likley either the irc owner changed the port /banner in which the
bot is to listen or they have coded it with a different port and
banner. this is not at all uncommon. so chances are its the same
program just tweaked.
On Tue, 24 May 2005 14:19:09 -0700 Michel Arboi
<michel.arboi@xxxxxxxxx> wrote:
>I found a FTP server on port 42260 with this banner: 220 fuckFtpd
>0wns j0
>It looks slightly different from KIBUV.B (it says "StnyFtpd 0wns
>j0"
>and is not on the right port)
>http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WOR
>M%5FKIBUV%2EB&VSect=T
>
>Is the description incomplete or this is a new malware?
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkKT9BoACgkQUjm7xSZSd8FfJACgoEmpWRJFkWUqLHVuNzyGPBP0WjQA
oL/FHBIXfAr/zW8xhDyFIabLyepf
=KYJI
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/