Threat Level: green Handler on Duty: Tom Webb

SANS ISC: New Rinbot scanning for port 1025 DNS/RPC - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Rinbot scanning for port 1025 DNS/RPC

We are currently tracking a new version of the Rinbot worm that in addition to its regular scans, is also scanning for port 1025/tcp. Once connected, it attempts to do a Windows 2000 DnsservQuery, likely to exploit the recent Microsoft DNS vulnerability. Detection of this virus is currently very poor, and we are working with the AV vendors to improve this.

In the meanwhile, we would like to urge you to consider implementing the workarounds discussed in our previous diary entry here.

Maarten

158 Posts

Sign Up for Free or Log In to start participating in the conversation!