[unisog] FWD: [SECURITY] bugbear variant

Richard Gadsden gadsden at musc.edu
Fri Jun 6 16:59:57 GMT 2003


On Thu, 5 Jun 2003, Douglas Brown wrote:

> 
> We've been running Nmap scans for systems with 1080 open; once we got a 
> list of systems we ran Amap against 1080 on the systems and the infected 
> ones returned garbage - similar to the following:
> 
> ASCII: 
> "+RW"\rx/kDV:d3x\r2Z;)EvbM\r\t3Rk&0XU9\ta!KY7\dH;\nM%3ojTl/\K_'[1k-gF0jzK7&yt)19&*a'N1ys&7yfEQ_MQ[DLXnHaF82E'rLp:jTf^ZGC4O%wsn:71556967"
> 
> we've found this was the quickest way to find all the bad guys -
> 
> Hope this helps,
> -Doug

Hey Doug,

Which amap trigger(s) have you found that bugbear.b responds to?

Thanks,
Richard
 --- o ---
 Richard Gadsden
 Director of Computer and Network Security
 Medical University of South Carolina
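
Added example, not part of the original messages: a Python sketch of the two-step triage Doug describes, first pulling hosts with 1080/tcp open out of Nmap grepable (`-oG`) output, then sorting the bytes each host sent back. Treating any reply that is not a well-formed SOCKS4 or SOCKS5 answer as "unrecognized" is an assumption made here, not something stated in the thread; all host addresses and reply bytes are constructed.

```python
# Constructed Nmap -oG lines (documentation-range addresses).
SAMPLE_NMAP_OG = (
    "Host: 192.0.2.10 ()\tPorts: 1080/open/tcp//socks///\n"
    "Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http///, 1080/closed/tcp//socks///\n"
    "Host: 192.0.2.12 (lab-pc)\tPorts: 135/open/tcp//msrpc///, 1080/open/tcp//socks///\n"
)
# Constructed replies captured from port 1080 of each open host.
SAMPLE_REPLIES = {
    "192.0.2.10": b"\x05\x00",          # SOCKS5 method-selection reply
    "192.0.2.12": b"k3#\rZq9&\tT!x",    # non-protocol bytes
}

def hosts_with_open_port(grepable, port=1080):
    """Return IPs whose 'Ports:' field lists <port>/open/tcp."""
    hits = []
    for line in grepable.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                if entry.strip().split("/")[:3] == [str(port), "open", "tcp"]:
                    hits.append(ip)
    return hits

def classify_reply(reply):
    """Label a reply as socks5, socks4, silent or unrecognized."""
    if not reply:
        return "silent"
    # SOCKS5 method selection: VER=0x05 plus one method byte.
    if len(reply) == 2 and reply[0] == 0x05:
        return "socks5"
    # SOCKS4 reply: 8 bytes, VN=0x00, CD in 90..93.
    if len(reply) == 8 and reply[0] == 0x00 and 0x5A <= reply[1] <= 0x5D:
        return "socks4"
    return "unrecognized"

def suspects(grepable, replies, port=1080):
    """Hosts with the port open whose reply is not a valid SOCKS answer."""
    return [h for h in hosts_with_open_port(grepable, port)
            if classify_reply(replies.get(h, b"")) == "unrecognized"]

if __name__ == "__main__":
    for host in hosts_with_open_port(SAMPLE_NMAP_OG):
        print(host, classify_reply(SAMPLE_REPLIES.get(host, b"")))
```

Hosts flagged "unrecognized" are candidates for follow-up, not confirmed infections; a "silent" host simply did not answer the probe that was sent.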


