[Dshieldannounce] Rapid increase in port 3127 scans

Johannes B. Ullrich jullrich at sans.org
Wed Jan 28 21:17:59 UTC 2004

Today, we observed a rapid increase in port 3127 scans. This is likely
an attempt to find, and possibly exploit, hosts infected with

At this point, the purpose of these scans is not yet clear, but it is
likely, that the goal is to install additional malware.

If you find a MyDoom/Novarg infected host, please take extra steps to
ensure that no additional malware is present on this host. The standard
MyDoom/Novarg removal procedures will only remove the Virus, not any
additional malware that may have been installed via the backdoor.

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/dshieldannounce/attachments/20040128/695046f8/attachment-0003.bin

More information about the Dshieldannounce mailing list