According to the information out there port 17300 is the control port for the Trojan. Also, the only way that this Trojan can be installed is via user interaction with an executable containing the virus. The virus is also very old, 1999. I would suspect that this is "just" an attempt by someone to check and see if there are any hosts out there that are still infected. -Logan -----Original Message----- From: H C [mailto:keydet89at_private] Sent: Monday, February 10, 2003 1:26 PM To: incidentsat_private Subject: RE: Increased Kuang2 activity > Does anyone have any information on what the kuang2 > trojan does, and what systems are vulnerable? Maybe you stopped too soon...the first link from Googling returned: "Works on Windows 95 and 98. It can infect files on a Windows NT machine, but the server program is not correctly installed." ISS's X-Force says: http://www.iss.net/security_center/static/4074.php __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 12:12:00 PST