RE: malicious scans
>
> Hi,
>
> Anybody know where I can get some detailed info on the
> characteristics of trojans/viruses that scan for vulnerabilities ?
> Specifically, I'm trying to determine if a pattern of scanned ports I have
> noticed on my machine is characteristic of any particular
> trojan/virus/malicious programme that a user might not be aware
> of on their
> machine (ie, not something they are not consciously running, but which has
> been installed without their knowledge).
>
> My googling so far hasn't turned up that kind of detail. For
> instance, I found a long list of trojans whose purpose in life is to scan
> for windows vulnerabilities. One name I can remember (I did the
> research on
> a different machine than the one from which I write) for example was AGEG
> (AGressive Exploit Groper?Grabber), but I don't know if it was written to
> scan a specific set of vulnerable ports, or if it is configurable. I've
> done a little surfing at the SANS website without coming up with much.
>
> I'm not really too sure where to look for this kind of info, or even
> how likely it is to exist. Like is there any kind of trend for
> these kinds
> of programmes to be configurable or to be preset. I thought maybe there
> would be people with more security experience on this list that
> could share
> some ideas or resources.
>
http://securityresponse.symantec.com/ - here are the TOP10 and the LATEST 10
Virus(s?)es
http://www.symantec.com/search/ - use different search words like ports and
make sure to check the boxes for Virus & Exploit
http://security.symantec.com/ssc/home.asp?j=1&langid=ie&venid=sym&plfid=22&p
kj=WZMHDTKJBTVISBYWWYP - online virus scan :-) if you might need this
I think the best one is this here -
http://securityresponse.symantec.com/avcenter/vinfodb.html
But those will list more or less ALL virus(s?)es regardless if it's a
trojan, worm or else.....
HTH,
Simmel
Reply to: