Security Incidents
mailing list archives
Re: IIS Search Method Overflow being revisted?
From: "Jay Woody" <jay_woody () tnb com>
Date: Fri, 26 Mar 2004 09:03:12 -0600
Yeah, I realized after I sent it. I saw ISS, not IIS. I wish I had some excuse, but just too quick on the draw I
guess. I personally think we ought to have some acronym providing organization that keeps them from being too close.
:)
JayW
>>> Nick FitzGerald <nick () virus-l demon co uk> 03/25/04 07:17PM >>>
"Jay Woody" <jay_woody () tnb com> to <rohnyjotton () hotmail com>:

> I thought there was a new one. Hang on . . .
>
> http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/42099/WindowsSecurity_42099.html

Ahhh, no -- that is an ICQ problem in ISS BlackICE, etc products.
_Quite_ unrelated...

> Here. I didn't read much about since we don't use it, but I think this
> may be what they are looking for.

Actually, I doubt you could be further off.

Jay -- I know it's probably not worth much to you, but I think that
many will be experiencing an increase in such attempts (though they may
not be noticing them).
What may help is I am seeing them coincidental with attempts from the
same source IPs on TCP 2745. That is the port the backdoor installed
by Bagle.D and Bagle.E (and probably other variants) listens on. My
guess is that one of the recent Agobot or Polybot variants is probably
responsible for the port 80 traffic you are seeing, as some of these
have quite an arsenal of spread mechanisms.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
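
Added example, not part of the original thread: one way to check web and firewall logs for the correlation described in the message above, that is, source IPs that send an HTTP SEARCH request and also probe TCP 2745 within a short time of each other. The log lines, IP addresses, simplified field layouts and the 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample logs (documentation-range IPs), not data from the thread.
IIS_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2004-03-25 19:01:58 203.0.113.7 SEARCH / 411
2004-03-25 19:02:40 198.51.100.23 GET /index.html 200
2004-03-25 19:05:13 198.51.100.99 SEARCH / 411
2004-03-25 23:40:02 192.0.2.55 SEARCH / 411
"""
# Assumed simplified firewall log layout, also driven by a '#Fields:' line.
FW_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2004-03-25 19:02:11 DROP TCP 203.0.113.7 192.0.2.10 4021 2745
2004-03-25 19:03:30 DROP TCP 198.51.100.23 192.0.2.10 4100 2745
2004-03-25 08:15:00 DROP TCP 192.0.2.55 192.0.2.10 3999 2745
2004-03-25 19:06:00 DROP TCP 198.51.100.99 192.0.2.10 4555 445
"""

def parse_w3c(text):
    """Yield one dict per record, taking column names from the '#Fields:' line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            stamp = rec["date"] + " " + rec["time"]
            rec["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            yield rec

def correlate(iis_text, fw_text, port="2745", window=timedelta(minutes=30)):
    """Map each source IP to its SEARCH request times that fall within
    `window` of a TCP connection attempt from the same IP to `port`."""
    probes = {}
    for rec in parse_w3c(fw_text):
        if rec["protocol"] == "TCP" and rec["dst-port"] == port:
            probes.setdefault(rec["src-ip"], []).append(rec["ts"])
    hits = {}
    for rec in parse_w3c(iis_text):
        if rec["cs-method"].upper() != "SEARCH":
            continue  # only the SEARCH method is of interest here
        times = probes.get(rec["c-ip"], [])
        if any(abs(t - rec["ts"]) <= window for t in times):
            hits.setdefault(rec["c-ip"], []).append(rec["ts"])
    return hits

if __name__ == "__main__":
    for ip, seen in correlate(IIS_LOG, FW_LOG).items():
        print(ip, [t.isoformat(" ") for t in seen])
```
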