RE: /sumthin Revisited

From: Rob Keown <Keown(at)MACDIRECT.COM>
Date: Tue Jan 07 2003 - 18:40:21 EST

Perhaps a new worm or a recon tool. The earlier post showing the querying machines indicated that they were running potentially vulnerable software. Also remember this list has similar postings. I see one on Dshield from November 8th.

I think contacting the responsible party is a good idea.

-----Original Message-----
From: Jonathan A. Zdziarski [mailto:jonathan@networkdweebs.com] Sent: Tuesday, January 07, 2003 5:32 PM
To: 'Sverre H. Huseby'; 'Chris Norris'
Cc: incidents@securityfocus.com; 'Noam Eppel' Subject: RE: /sumthin Revisited

I typed in the IP address of the machine that scanned one of my machines for /sumthin and it turned out to be another web server for 'Jang Cyuang Enterise Co., LTD.'. I emailed them asking if they had a tool that performs these scans, waiting for a reply. This could very well be a new worm looking for vulnerable hosts, and if it is, this company's web server is apache 1.3.12, so it may be an old vulnerability.

> -----Original Message-----

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Tue Jan 7 19:00:01 2003