Slashdot Mirror

← Back to Stories (view on slashdot.org)

55808 Trojan Analysis

Posted by CmdrTaco on from the crawling-about-in-the-digital-wild dept.

espo812 writes "This analysis of the 55808 trojan that has been circling the internet was just posted on Bugtraq . The good news (i guess?) is that apparentally it is just a proof of concept distributed scanner. The bad news is they think they just caught a copycat version of the origional trojan. ISS also has an analysis."

1 of 118 comments (clear)

  1. Re:How does it spread? by freeweed · · Score: 5, Interesting

    The big Samba exploit a couple of months ago left a nice root shell bound to a fixed high port. What's interesting about this is that *many* exploits around the same time shared the same shellcode, and thus the same port.

    Doing some casual scanning at the time, I picked up hundreds of boxes with a root (or other user, local privlege escalation anyone?) shell open on that very port. This was only a couple of hours of scanning; imagine what I could have done given a few weeks.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.