XML-RPC worm
tjones at fastq.com
tjones at fastq.com
Tue Nov 8 20:28:22 MST 2005
Quoting Alex Dean <alex at crackpot.org>:
> On Nov 8, 2005, at 5:55 PM, Alan Dayley wrote:
>
> > Personally, I think any box found with a back door installed needs
> > to be
> > reformated. That's the only way I could be confident it is not
> > compromised.
>
> I've checked all the stuff installed on my box, and none of it is
> listed as 'vulnerable' in the security bulletin. Just to be extra-
> safe, though, how would I look for this backdoor?
>
> alex
> ---------------------------------------------------
The message that went out at work this morning (sorry, no access from home)
warned to lookout for either port 7111 or 7222 being open and listening,
especially if you know they should be closed.
There's some detail here: http://isc.sans.org/diary.php
TJ
-------------------------------------------------
FastQ Communications
Providing Innovative Internet Solutions Since 1993
More information about the PLUG-discuss
mailing list