Title: RE: [Full-Disclosure] unknown backdoor: 220 StnyFtpd 0wns j0



http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KIBUV.B&VSect=T




Mike



________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ryan Sumida
Sent: Thursday, September 23, 2004 10:42 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] unknown backdoor: 220 StnyFtpd 0wns j0



I've been finding a few compromised Windows systems on our campus
that have a random port open with a banner of "220 StnyFtpd 0wns j0".
 All the systems seem to be doing SYN scans on port 445 and LSASS
buffer overflow attempts.  Anyone know what worm/bot is doing this?
I don't have access to these machines so I can only get a network
view of what the systems are doing.

Thanks,

Ryan
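
Added example, not part of the original thread: one way to triage hosts from a network-only view using the two indicators described above (the quoted banner on an arbitrary port, and SYN fan-out to port 445). The record formats, the threshold, and the addresses and ports in the sample data are constructed assumptions.

```python
import re
from collections import defaultdict

# Banner text quoted in the post: FTP greeting code 220 followed by the string.
BANNER_RE = re.compile(r"^220 StnyFtpd 0wns j0\b")
SCAN_PORT = 445          # port the post reports being SYN-scanned
FANOUT_THRESHOLD = 20    # assumption: distinct targets that count as scanning

def parse_flow(line):
    """Parse one constructed flow line: 'ts src dst dport flags'."""
    ts, src, dst, dport, flags = line.split()
    return src, dst, int(dport), flags

def triage(flow_lines, banner_lines):
    """Return {host: sorted list of reasons} from network-only evidence."""
    targets = defaultdict(set)
    for line in flow_lines:
        src, dst, dport, flags = parse_flow(line)
        # A bare SYN (no ACK) to 445 is a connection attempt; count distinct targets.
        if dport == SCAN_PORT and flags == "S":
            targets[src].add(dst)
    reasons = defaultdict(set)
    for host, dsts in targets.items():
        if len(dsts) >= FANOUT_THRESHOLD:
            reasons[host].add(f"syn-fanout-445:{len(dsts)}")
    for line in banner_lines:
        # Constructed banner record: 'host port banner text...'
        host, port, banner = line.split(maxsplit=2)
        if BANNER_RE.match(banner.strip()):
            reasons[host].add(f"banner-port:{port}")
    return {h: sorted(r) for h, r in reasons.items()}

# Constructed sample data (documentation address ranges), not from the post.
FLOWS = [f"1095961320 192.0.2.10 198.51.100.{i} 445 S" for i in range(1, 31)]
FLOWS += ["1095961321 192.0.2.11 198.51.100.5 445 S",   # single SMB connection
          "1095961322 192.0.2.12 198.51.100.6 80 S"]    # unrelated web traffic
BANNERS = ["192.0.2.10 14532 220 StnyFtpd 0wns j0",
           "192.0.2.12 21 220 Microsoft FTP Service"]

if __name__ == "__main__":
    for host, why in sorted(triage(FLOWS, BANNERS).items()):
        print(host, ", ".join(why))
```

A host that shows both reasons matches the pattern described in the post; a host with only one is worth a closer look before it is treated as compromised.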

