Hosting Provided By

RE: Increased Kuang2 activity

From: James C Slora Jr <Jim.Slora(at)phra.com>
Date: Mon Feb 10 2003 - 15:42:53 EST

Logan F.D. Greenlee wrote Monday, February 10, 2003 13:37

> According to the information out there port 17300 is the control port

Kuang2 is related to a whole family of file infectors carrying backdoors - look for PE_Weird and related. I do not recommend Symantec's site in this particular case - their info is pretty skimpy.

There were updated versions released in mid-2002: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_WEIRD.D http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KUANG.B (client component only)

Some variant of PE_Weird was also circulating last year as a file infection piggybacking on Klez.(x) infected mail. Most of the variants I know of are file infectors, so they could circulate pretty easily along with any PE file. There may be another new version circulating, and it would still be easy for older versions to find new victims.

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

application/ms-tnef attachment: winmail.dat

Received on Mon Feb 10 18:53:24 2003

This message: [ Message body ]
Next message: Brenna Primrose: "RE: Suspicious file on Desktop"
Previous message: Baklarz, Ron: "RE: Increased Kuang2 activity"
In reply to Logan F.D. Greenlee: "RE: Increased Kuang2 activity"
Next in thread: Kurt Seifried: "Re: Increased Kuang2 activity"
Reply: Kurt Seifried: "Re: Increased Kuang2 activity"
Reply: James C Slora Jr: "RE: Increased Kuang2 activity"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:58 EDT