[Dshield] F-Secure Radar2 Alert
Johannes B. Ullrich
jullrich at sans.org
Fri Jan 20 18:53:52 GMT 2006
> At 12:16 PM -0500 1/20/06, Paul Marsh wrote:
>> I saw a few of these yesterday, Trend calls it Grew.. Nothing so
>> far today, are others seeing it?
> We rejected a couple of dozen yesterday according to our logs which
> is up from 4 the day before. We might have gotten more but we blocked
> a machine spewing some yesterday at our router.
Looks like some AV vendors have a hard time with some of the variants of
this. Bad news: If you are hit, it's "rebuild this machine" time. This is
nasty code which installs backdoors, sends out your passwords and lots of
other good stuff. (And if you reinstall: pick new passwords.)
Johannes Ullrich jullrich at sans.org
Chief Research Officer (617) 639 5000
PGP Key: https://secure.dshield.org/PGPKEYS
"We use [isc.sans.org] every day to keep on top of
security at our bank" Matt, Network Administrator.