[Dshield] Portscan pattern

Pete Cap peteoutside at yahoo.com
Sun Mar 14 22:51:29 GMT 2004


Could be the new "Phatbot," an Agobot variant which
hit the streets last week.
There was a link at DShield (copied here for your
convenience) with some packet captures you can

In short, Phatbot is a kind of Swiss Army knife which
spreads via multiple exploits (there's technical info
at DShield and various other sites).  It gives an
attacker backdoor access, can act as a proxy, etc. 
You can probably spot an infected host by the port




--- Korhonen Juuso <juuso.korhonen at camline.fi> wrote:
> Hi
> Can somebody tell me whether it is a scanning tool or a
> computer with a virus that has a
> scan pattern like this:
> Scanned ports: 2745, 1025, 135, 445, 6129
> I am having scans like this originating mainly from
> addresses starting with
> 61. and 68.
> Best Regards
> Juuso Korhonen
> IT Manager
> Camline corporation

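Added example, not part of the original thread or written by either poster: a Python script that looks through firewall log lines for sources probing several of the ports listed in the question (2745, 1025, 135, 445, 6129) on one destination within a short time window. The log format, the addresses (documentation ranges), and the `min_ports` and `window` thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Port set quoted in the original question.
PATTERN_PORTS = {2745, 1025, 135, 445, 6129}

# Constructed sample log, hypothetical format: "ISO-timestamp src_ip dst_ip dst_port".
SAMPLE_LOG = """\
2004-03-14T22:40:01 203.0.113.7 192.0.2.10 2745
2004-03-14T22:40:01 203.0.113.7 192.0.2.10 1025
2004-03-14T22:40:02 203.0.113.7 192.0.2.10 135
2004-03-14T22:40:02 203.0.113.7 192.0.2.10 445
2004-03-14T22:40:03 203.0.113.7 192.0.2.10 6129
2004-03-14T22:41:10 198.51.100.23 192.0.2.10 445
2004-03-14T22:41:15 198.51.100.23 192.0.2.10 80
malformed line
"""

def parse(lines):
    """Yield (time, src, dst, port) tuples, skipping lines that do not parse."""
    for line in lines:
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue

def find_pattern_scanners(lines, min_ports=4, window=timedelta(seconds=60)):
    """Return {(src, dst): ports} for sources that probed at least min_ports
    distinct pattern ports on one destination inside a sliding time window."""
    hits = defaultdict(list)
    for ts, src, dst, port in parse(lines):
        if port in PATTERN_PORTS:
            hits[(src, dst)].append((ts, port))
    flagged = {}
    for key, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= window.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(flagged.get(key, ())):
                flagged[key] = sorted(ports)  # keep the widest match seen
    return flagged

if __name__ == "__main__":
    for (src, dst), ports in find_pattern_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src} -> {dst}: {ports}")
```

A single probe of 445 or 135 is common background noise, so the check keys on several distinct ports from the set arriving together rather than on any one port.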