Educause Security Discussion mailing list archives
Re: Recent Gaobot event
From: David Escalante <david.escalante () BC EDU>
Date: Thu, 16 Dec 2004 20:53:29 -0500
FWIW, a couple extra details: - if you look up the article, there are a couple points where the student writing the article got very confused and got things wrong, so don't believe everything in it - we also found 2 new SDbot variants in the past couple weeks doing the same thing, submitted them to our A/V vendor, and hopefully they'll be in the new signature files soon if they aren't already (we have supplemental files for them now) - what troubles me about this is at least 3 new variants have displayed this behavior, and the attacks on the domain controllers seem to have been "cloaked" behind massive host and port scanning taking place from other infected/bot'ed computers at the same time; on this basis I would suggest that if you notice that bot'ed machines are doing something aggressive on your campus, it would be wise to look a little deeper and see if there's something else potentially more serious going on in the background as well -- Dave Escalante Boston College Gordon D. Wishon wrote:
Is anyone else seeing any evidence of this on their campus? Like Boston College, we've been hit with this within the past two weeks, and at one point the traffic generated by machines attempting to phone home seriously affected our network performance._Virus Steals Student Passwords:_ Boston College's campus network was hit by a virus that forced computers to guess at passwords that would provide access to other linked machines. /The Heights/Curiously, we've found little discussion of this elsewhere. Gordon ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Recent Gaobot event Gordon D. Wishon (Dec 16)
- <Possible follow-ups>
- Re: Recent Gaobot event H. Morrow Long (Dec 16)
- Re: Recent Gaobot event Gordon D. Wishon (Dec 16)
- Re: Recent Gaobot event Gary Dobbins (Dec 16)
- Re: Recent Gaobot event Mike Peterson (Dec 16)
- Re: Recent Gaobot event Jim Pollard (Dec 16)
- Re: Recent Gaobot event Dave Monnier, IT Security Office, Indiana University (Dec 16)
- Re: Recent Gaobot event Mark Wilson (Dec 16)
- Re: Recent Gaobot event David Escalante (Dec 16)
- Re: Recent Gaobot event Gibbs, Aaron M. (Dec 20)
- Re: Recent Gaobot event Joseph Vieira (Dec 21)
- Re: Recent Gaobot event Michael Horne (Dec 21)
- Re: Recent Gaobot event Robert Johnson (Dec 21)
- Re: Recent Gaobot event Penn, Blake (Dec 22)
- Re: Recent Gaobot event Barbara Tibbs (Dec 24)
- Re: Recent Gaobot event Gary Dobbins (Dec 24)
- Re: Recent Gaobot event Ron Watts (Dec 30)