Re: Possible DDos Network Creation with ssh crc exploit

From: Ryan Russell (ryanat_private)
Date: Tue Nov 13 2001 - 21:32:02 PST


    On Wed, 14 Nov 2001, Nick FitzGerald wrote:
    
    > Or this?
    >
    >    http://www.securityfocus.com/archive/75/177265
    >
    > Searching Google for "carko ddos" got quite a few hits...
    
    More to the point:
    http://www.securityfocus.com/archive/75/177587
    
    To summarize, "Carko" was a very slightly customized version of
    "Stacheldraht v1.666 + antigl + yps Distributed Denial of Service Tool",
    as found in the Packetstorm archives, among other places.  In another
    instance, a file named carko was something entirely different.  In neither
    case was there a self-spreading vector.  In other words, there was at
    least one attacker out there who broke into systems by hand, and liked to
    name files "carko".  At the time, the attacker seemed to be gaining access
    primarily through an unreleased exploit for the snmpXdmid hole.  After
    some checking, it was discovered that there were at least 5 different
    snmpXdmid exploits in existence.
    
    I believe Sun finally patched the hole last month.
    
    					Ryan
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Wed Nov 14 2001 - 08:25:04 PST