-------- forwarded message --------
From: The SANS Institute <[EMAIL PROTECTED]>
Date: Thu, 24 Feb 2000
Subj: FLASH: Update and Correction on Windows Trinoo Report
From: Alan at the SANS NewsBites Service

Gary Flynn of James Madison University has posted substantial
additional information about the copies of trinoo-like code
found on Windows PCs, described in the NewsBites that you
received earlier today.

In a report entitled "Wintrinoo" provided at 3:01 PM EST, Gary
noted the following:

1. The number of machines infected was not 160. He reported
   that he found 149 machines that were listening on port
   34555, but that the number of machines actually infected may
   have been substantially less because of the possibility of
   false positives.

2. He also reported that he discovered 16 of the computers (all
   running Windows, and at least 5 running Windows98) "sending
   out large numbers of UDP packets on random ports."

3. He noted that all 16 machines were infected with the
   BackOrifice remote control Trojan.

4. After removing BackOrifice from one of the machines, he
   discovered the computer again participating in a UDP flood.
   That led to the discovery of a program that was reported to
   CERT as a possible variant of the trinoo distributed denial
   of service tool. CERT is analyzing this.

Gary's technical expertise and rapid response are helping the
entire community to be better informed. We're sorry that our
initial report didn't have the precision that Gary's latest
posting has provided. We'll keep you informed as we hear of
new developments.

The bottom line: PCs running Windows at universities have been
found participating in distributed denial of service attacks.
The next step is to ask the virus detection vendors to find and
eradicate the flooding programs -- Gary has forwarded the code
to them.

Alan

At 10:07 AM 2-24-2000 -0800, you wrote:
>http://www.marketwatch.newsalert.com/bin/story?StoryId=ColnPubebDxmTAgfJA2vYCY1MyMK&FQ=v%25upi&Title=Headlines%20for%3A%20v%25upi%0A
>
>
> Cyber-attack tool appears in Windows-run systems
>
> United Press International - February 23, 2000 16:34
>
> WASHINGTON, Feb. 23 (UPI) -- The FBI Wednesday was continuing
> to warn of a troubling new development in the fight against
> cyber-attacks, such as the ones that crippled some of the most
> popular sites on the Internet earlier this month.
>
> For the first time, the tools used to launch such attacks have
> been found on computer systems using later versions of Windows.