Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 020594.html (Request Expert securityfocus.com Support)

RE: Increased Kuang2 activity

From: Baklarz, Ron <BaklarzR(at)usa.redcross.org>
Date: Mon Feb 10 2003 - 15:01:54 EST


FWIW There is a check for this beastie in Nessus under 'Backdoors' The nessus Plugin ID is 10132.

Ron Baklarz CISSP, GSEC
Chief Information Security Officer
The American Red Cross

8111 Gatehouse Road
Falls Church, VA 22042

Phone: 703-206-7279
Pager: 877-594-3354

-----Original Message-----

From: Jennifer Fountain [mailto:JFountain@rbinc.com] Sent: Monday, February 10, 2003 12:00 PM To: Logan F.D. Greenlee; Jason Dixon; incidents@securityfocus.com Subject: RE: Increased Kuang2 activity

Here is some information I found on the trojan: 

http://www.glocksoft.com/trojan_list/Kuang2_the_virus.htmhttp://cert.uni-stuttgart.de/archive/intrusions/2002/07/msg00059.htmlhttp://www.iss.net/security_center/static/4074.php

according to iss, 98/95 are affected.

Thank you
Jenn Fountain

Do you need help?X

-----Original Message-----

From: Logan F.D. Greenlee [mailto:lgreenlee@ciretose.net] Sent: Monday, February 10, 2003 11:46 AM To: Jason Dixon; incidents@securityfocus.com Subject: RE: Increased Kuang2 activity

Does anyone have any information on what the kuang2 trojan does, and what systems are vulnerable? My brief googling has only returned links to the Trojan itself.

Thanks,
Logan

-----Original Message-----

From: Jason Dixon [mailto:jasondixon@myrealbox.com] Sent: Sunday, February 09, 2003 7:01 PM
To: incidents@securityfocus.com
Subject: Increased Kuang2 activity

I've noticed a large increase of activity to port 17300 hitting my firewall over the last 3 days, from various sources. Googling relates this port to the kuang2 trojan. Has anyone else seen this? Anything else this might be attributed to?

TIA,
J.


This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Feb 10 18:51:31 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library