[Dshield] F-Secure Radar2 Alert

Johannes B. Ullrich jullrich at sans.org
Fri Jan 20 18:53:52 GMT 2006



Tom wrote:
> At 12:16 PM -0500 1/20/06, Paul Marsh wrote:
>> I saw a few of these yesterday, Trend calls it Grew..  Nothing so 
>> far today, are others seeing it?
> 
> We rejected a couple of dozen yesterday according to our logs which 
> is up from 4 the day before.  We might have gotten more but we blocked 
> a machine spewing some yesterday at our router.

Looks like some AV vendors have a hard time with some of the variants of
this. Bad news: If you are hit, it's "rebuild this machine" time. This is
nasty code which installs backdoors, sends out your passwords and lots of
other good stuff. (and if you reinstall: pick new passwords).




--
---------
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.


