ISS Security Brief: "Stumbler" Distributed Stealth Scanning Network

From: X-Force (xforce_at_iss.net)
Date: 06/20/03

  • Next message: X-Force: "ISS Security Alert Summary AS03-25" 
    To: alert@iss.net
Date: Thu, 19 Jun 2003 23:52:16 -0400 (EDT)

    -----BEGIN PGP SIGNED MESSAGE-----

    Internet Security Systems Security Alert
    June 19, 2003

    "Stumbler" Distributed Stealth Scanning Network

    Synopsis:

    X-Force has been tracking reports of suspicious and widespread Internet
    traffic with a TCP Window size of 55808. A substantial amount of traffic
    captured from sites around the world point to a new distributed port
    scanning system. X-Force has analyzed malware that appears to be a client
    capable of scanning and receiving network mapping data from other similar
    clients distributed across the Internet. X-Force has named this malware,
    "Stumbler".

    For the complete ISS X-Force Security Alert, please visit:
    http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22441

    ______

    About Internet Security Systems (ISS)
    Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
    pioneer and world leader in software and services that protect critical
    online resources from an ever-changing spectrum of threats and misuse.
    Internet Security Systems is headquartered in Atlanta, GA, with
    additional operations throughout the Americas, Asia, Australia, Europe
    and the Middle East.

    Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
    worldwide.

    Permission is hereby granted for the electronic redistribution of this
    document. It is not to be edited or altered in any way without the
    express written consent of the Internet Security Systems X-Force. If
    you wish to reprint the whole or any part of this document in any other
    medium excluding electronic media, please email xforceiss.net for
    permission.

    Disclaimer: The information within this paper may change without notice.
    Use of this information constitutes acceptance for use in an AS IS
    condition. There are NO warranties, implied or otherwise, with regard to
    this information or its use. Any use of this information is at the
    user's risk. In no event shall the author/distributor (Internet Security
    Systems X-Force) be held liable for any damages whatsoever arising out
    of or in connection with the use or spread of this information.
    X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
    as well as at http://www.iss.net/security_center/sensitive.php
    Please send suggestions, updates, and comments to: X-Force
    xforceiss.net of Internet Security Systems, Inc.

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2

    iQCVAwUBPvKEgzRfJiV99eG9AQGLegP+NTWvea7ISoLNYkPYQkbtuVo4c6xyRclx
    QtFAr8VcNBI6ooQdLKElWCuC8v8t5Nne2kqYIc95Q9X+4LniUDdEzDLZ74sJPfFs
    3gv0YxxCBi/mVB4QYzhFRA4iAcWKajHOBjw8/a4WrxdSECw74d3NU9m7o5KFyZqe
    rnVHtJKcw1Q=
    =FYEH
    -----END PGP SIGNATURE-----

  • Next message: X-Force: "ISS Security Alert Summary AS03-25"