[Dshield] New Variant of Linkbot
Paul F Dixon
pdixon at rwsc.com
Thu Oct 6 23:21:16 GMT 2005
We've been chasing down a virus in our facilities that looks a lot like the
Here are some particular findings about this bug.
This is a fast moving bug. We're able to detect it by tailing our fwlogs
and grepping out port 191 calls to 126.96.36.199.
188.8.131.52 is an active machine on the internet:
ARIN - Whois:
Is anyone having the same probs?
Manager, Network Operations & Information Security
Rockwell Scientific Company LLC
More information about the list