Slashdot Mirror

← Back to Stories (view on slashdot.org)

55808 Trojan Analysis

Posted by CmdrTaco on from the crawling-about-in-the-digital-wild dept.

espo812 writes "This analysis of the 55808 trojan that has been circling the internet was just posted on Bugtraq . The good news (i guess?) is that apparentally it is just a proof of concept distributed scanner. The bad news is they think they just caught a copycat version of the origional trojan. ISS also has an analysis."

2 of 118 comments (clear)

  1. Re:How does it spread? by freeweed · · Score: 5, Interesting

    The big Samba exploit a couple of months ago left a nice root shell bound to a fixed high port. What's interesting about this is that *many* exploits around the same time shared the same shellcode, and thus the same port.

    Doing some casual scanning at the time, I picked up hundreds of boxes with a root (or other user, local privlege escalation anyone?) shell open on that very port. This was only a couple of hours of scanning; imagine what I could have done given a few weeks.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  2. How convenient by Animats · · Score: 3, Interesting
    Amazing how all these attacks appear, just annoying enough to make people buy "protection" from companies like McAfee, but not damaging enough to force OS vendors to actually design systems that are secure.

    Hmm.