Possible combined exploits of MS vulnerabilities
It has been a very quiet day, but we are hearing rumors of possible "super" exploits that may target several of the vulnerabilities announced by Microsoft on Tuesday. We've been contacted by an individual who have have been infected such an exploit, but investigation of this is still underway. Increase in port 1981 activity There has been an increase in scanning activity targetting port 1981 (possibly Bowl or Shockrave trojan activity, perhaps not) over the last 10 days or so. If anyone has captured any of this activity, we'd like to see the captures. Yet another signature for sslbomb We have yet another signature for the sslbomb exploit, some of the earlier ones have been prone to a fair amount of false positives. We'd be interested in how well any of these signatures are working.
------------------------------- Jim Clausing, handler on dutyI will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022 |
Jim 423 Posts ISC Handler Apr 18th 2004 |
Thread locked Subscribe |
Apr 18th 2004 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!