[unisog] XP silently configuring ad-hoc wifi

Frank Bulk frnkblk at iname.com
Mon Sep 26 12:00:17 GMT 2005


This is still all unconfirmed, and if you read the livejournal links, you
would think the infosec staff at the New Jersey Institute of Technology
would be much more forthcoming.

Joshua Wright, the wireless guru of SANS, has been trying to confirm some of
the details.

Frank

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of z./(--)\.s
Sent: Saturday, September 24, 2005 7:30 PM
To: unisog at lists.sans.org
Subject: [unisog] XP silently configuring ad-hoc wifi

Although this hasn't hit any of the major news sites out there (it was
mentioned on SANS' Internet Storm Center a few days ago -
http://isc.sans.org/diary.php?date=2005-09-23), it's been going around the
rumor mill that there's a wireless worm out there that's attacking unpatched
XP machines and reconfiguring them as ad-hoc wireless zombies. afaik this
has only been noticed on the east coast but I'm not in the states so I can't
confirm.
Check out preliminary details and a packetdump:

details:
http://www.livejournal.com/community/lj2600/79996.html
http://www.hacksrus.com/~recompiler/aec_le/
http://www.livejournal.com/community/infosec/47702.html


packetdumps:
http://www.hacksrus.com/~recompiler/aec_le/dump2aec

The packet dump doesn't seem to contain any illegitimate data, but if you're
having similar issues maybe contributing to the conversation would be
useful.

~Angel

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com _______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list