RE: Increased Kuang2 activity

From: Baklarz, Ron (BaklarzRat_private)
Date: Mon Feb 10 2003 - 12:01:54 PST


    FWIW, there is a check for this beastie in Nessus under 'Backdoors'. The
    Nessus plugin ID is 10132.
    
    Ron Baklarz  CISSP, GSEC
    Chief Information Security Officer
    The American Red Cross
    
    8111 Gatehouse Road
    Falls Church, VA 22042
    
    Phone: 703-206-7279  
    Pager:  877-594-3354
    
    
    
    -----Original Message-----
    From: Jennifer Fountain [mailto:JFountainat_private] 
    Sent: Monday, February 10, 2003 12:00 PM
    To: Logan F.D. Greenlee; Jason Dixon; incidentsat_private
    Subject: RE: Increased Kuang2 activity
    
    Here is some information I found on the trojan:
    
    http://www.glocksoft.com/trojan_list/Kuang2_the_virus.htm
    http://cert.uni-stuttgart.de/archive/intrusions/2002/07/msg00059.html
    http://www.iss.net/security_center/static/4074.php
    
    According to ISS, 98/95 are affected.
    
    
    
    Thank you
    Jenn Fountain
    
    
    
    -----Original Message-----
    From: Logan F.D. Greenlee [mailto:lgreenleeat_private]
    Sent: Monday, February 10, 2003 11:46 AM
    To: Jason Dixon; incidentsat_private
    Subject: RE: Increased Kuang2 activity
    
    
    Does anyone have any information on what the kuang2 trojan does, and
    what systems are vulnerable? My brief googling has only returned links
    to the Trojan itself.
    
    Thanks,
    Logan
    
    -----Original Message-----
    From: Jason Dixon [mailto:jasondixonat_private] 
    Sent: Sunday, February 09, 2003 7:01 PM
    To: incidentsat_private
    Subject: Increased Kuang2 activity
    
    I've noticed a large increase of activity to port 17300 hitting my
    firewall over the last 3 days, from various sources.  Googling relates
    this port to the kuang2 trojan.  Has anyone else seen this?  Anything
    else this might be attributed to?
    
    TIA,
    J.
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    
    
    



    This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 15:51:25 PST