Hosting Provided By

Trojan attacking our switches

From: Charles Polisher <cpolish(at)attbi.com>
Date: Thu Mar 20 2003 - 20:50:34 EST

Search of CVE and securityfocus and googling did not turn up adequate information. Anyone seen this beast?

Our campus network has a couple of thousand hosts, and 93 switches.

Telnetting into our HP Procurve 2524 switch shows an ongoing attempt to brute-force the SNMP community (public, of course). HP apparently does not provide a method for disbling SNMP, and we're going to have to visit all 93 switches in person to set a strong password -- yes, it had been left blank!

PCdoorguard 3 virus scanner identified a virus, "f*ck door server", but provides little useful information other than pointing to \windows\system\setdefed.exe which is 24,576 bytes.

Thanks,
Charles Polisher

<Pre>Lose another weekend managing your IDS? Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> Received on Fri Mar 21 12:01:46 2003

This message: [ Message body ]
Next message: dreamwvr(at)dreamwvr.com: "Re: Trojan attacking our switches"
Previous message: Pierre Vandevenne: ""webmoney" trojan and COM interface analysis"
Next in thread: dreamwvr(at)dreamwvr.com: "Re: Trojan attacking our switches"
Reply: dreamwvr(at)dreamwvr.com: "Re: Trojan attacking our switches"
Reply: Mike Hoskins: "Re: Trojan attacking our switches"
Reply: Kris Saw: "Re: Trojan attacking our switches"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:00 EDT