lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <c002bd9605052500523fa8aacf@mail.gmail.com>
Date: Wed May 25 08:52:41 2005
From: michel.arboi at gmail.com (Michel Arboi)
Subject: KIBUV.B or variant?

On 25/05/05, mike king <ngiles@...hmail.com> wrote:
> this is not at all uncommon. so chances are its the same program just tweaked.

Thanks Mike. Another point: on some machines infected by the same
nasty beast, there is a second FTP server on a high port. The banners
look like ProFTPD (with miscellaneous version numbers) but the servers
are probably not ProFTPD: they allow commands before login, and answer
to a limited set of commands and freeze on common things like "cd .."
Anybody have seen this?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ