Re: sdbot variant and WS 55808 activity

[H Carvey <keydet89 () yahoo com>]

In-Reply-To: <sef1a4d0.062 () smtp co pinellas fl us>


> Some additional info. The mention of "Day 0" might be
of concern.
>

How so?  Are you saying that just b/c Dennis Fisher
says that there's a "Day 0" out there, it must be true?  

So far, all that's been made available is a bunch of
packet captures, and even more speculation.  Sure, I
agree that it *could be* a Trojan, but we don't know. 
The only person who seems to have found anything
resembling source code or a binary for this has been
Joe Stewart.  But even he says:

> Maybe someone is just testing a new implementation of
> the synscanning code in a distributed 
> manner, and has some bugs to work out.

Harlan

----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's to 
"underground" security specialists.  See for yourself what the buzz is about!  
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
----------------------------------------------------------------------------