Security Incidents mailing list archives
Re: sdbot variant and WS 55808 activity
From: H Carvey <keydet89 () yahoo com>
Date: 19 Jun 2003 20:32:01 -0000
In-Reply-To: <sef1a4d0.062 () smtp co pinellas fl us>
Some additional info. The mention of "Day 0" might be
of concern.
How so? Are you saying that just b/c Dennis Fisher says that there's a "Day 0" out there, it must be true? So far, all that's been made available is a bunch of packet captures, and even more speculation. Sure, I agree that it *could be* a Trojan, but we don't know. The only person who seems to have found anything resembling source code or a binary for this has been Joe Stewart. But even he says:
Maybe someone is just testing a new implementation of the synscanning code in a distributed manner, and has some bugs to work out.
Harlan ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: sdbot variant and WS 55808 activity Richard Ginski (Jun 19)
- <Possible follow-ups>
- Re: sdbot variant and WS 55808 activity H Carvey (Jun 19)
- RE: sdbot variant and WS 55808 activity James C. Slora, Jr. (Jun 19)
- Re: sdbot variant and WS 55808 activity Anders Reed Mohn (Jun 21)
- RE: sdbot variant and WS 55808 activity digigal11 (Jun 21)