OT: malicious scans

To: Debian User List <debian-user@lists.debian.org>
Subject: OT: malicious scans
From: ghcbc@yahoo.com
Date: Fri, 14 May 2004 17:59:37 -0700
Message-id: <[🔎] 20040514175937.A2384@humble>
Mail-followup-to: ghcbc@yahoo.com, Debian User List <debian-user@lists.debian.org>
Reply-to: Debian User <debian-user@lists.debian.org>

Hi,

	Anybody know where I can get some detailed info on the
characteristics of trojans/viruses that scan for vulnerabilities ? 
Specifically, I'm trying to determine if a pattern of scanned ports I have
noticed on my machine is characteristic of any particular
trojan/virus/malicious programme that a user might not be aware of on their
machine (ie, not something they are not consciously running, but which has
been installed without their knowledge).  

	My googling so far hasn't turned up that kind of detail.  For
instance, I found a long list of trojans whose purpose in life is to scan
for windows vulnerabilities.  One name I can remember (I did the research on
a different machine than the one from which I write) for example was AGEG
(AGressive Exploit Groper?Grabber), but I don't know if it was written to
scan a specific set of vulnerable ports, or if it is configurable.  I've
done a little surfing at the SANS website without coming up with much.

	I'm not really too sure where to look for this kind of info, or even
how likely it is to exist.  Like is there any kind of trend for these kinds
of programmes to be configurable or to be preset.  I thought maybe there
would be people with more security experience on this list that could share
some ideas or resources.

Thanks,

Gerald

Reply to:

Follow-Ups:
- Re: OT: malicious scans
  - From: Paul Johnson <baloo@ursine.ca>
- RE: malicious scans
  - From: "Jens Simmoleit" <simmel@anymotion.de>
- Re: OT: malicious scans
  - From: ghcbc@yahoo.com

Prev by Date: Test message uu
Next by Date: Re: Script execution at boot time..
Previous by thread: Test message uu
Next by thread: Re: OT: malicious scans
Index(es):
- Date
- Thread