XML-RPC worm

tjones at fastq.com tjones at fastq.com
Tue Nov 8 20:28:22 MST 2005


Quoting Alex Dean <alex at crackpot.org>:

> On Nov 8, 2005, at 5:55 PM, Alan Dayley wrote:
> 
> > Personally, I think any box found with a back door installed needs  
> > to be
> > reformated.  That's the only way I could be confident it is not
> > compromised.
> 
> I've checked all the stuff installed on my box, and none of it is  
> listed as 'vulnerable' in the security bulletin.  Just to be extra- 
> safe, though, how would I look for this backdoor?
> 
> alex
> ---------------------------------------------------
The message that went out at work this morning (sorry, no access from home)
warned to lookout for either port 7111 or 7222 being open and listening,
especially if you know they should be closed.

There's some detail here: http://isc.sans.org/diary.php

TJ




-------------------------------------------------
FastQ Communications 
Providing Innovative Internet Solutions Since 1993



More information about the PLUG-discuss mailing list