New Rinbot scanning for port 1025 DNS/RPC

We are currently tracking a new version of the Rinbot worm that in addition to its regular scans, is also scanning for port 1025/tcp. Once connected, it attempts to do a Windows 2000 DnsservQuery, likely to exploit the recent Microsoft DNS vulnerability. Detection of this virus is currently very poor, and we are working with the AV vendors to improve this.

In the meanwhile, we would like to urge you to consider implementing the workarounds discussed in our previous diary entry here.


158 Posts
Apr 16th 2007

Sign Up for Free or Log In to start participating in the conversation!