Trojan attacking our switches

• Previous message: Pierre Vandevenne: ""webmoney" trojan and COM interface analysis"
• Next in thread: dreamwvr@dreamwvr.com: "Re: Trojan attacking our switches"
• Reply: dreamwvr@dreamwvr.com: "Re: Trojan attacking our switches"
• Reply: Mike Hoskins: "Re: Trojan attacking our switches"
• Reply: Kris Saw: "Re: Trojan attacking our switches"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 20 Mar 2003 17:50:34 -0800
From: Charles Polisher <cpolish@attbi.com>
To: incidents@securityfocus.com

Search of CVE and securityfocus and googling
did not turn up adequate information. Anyone
seen this beast?

Our campus network has a couple of thousand hosts,
and 93 switches.

Telnetting into our HP Procurve 2524 switch
shows an ongoing attempt to brute-force the
SNMP community (public, of course). HP apparently
does not provide a method for disbling SNMP, and
we're going to have to visit all 93 switches
in person to set a strong password -- yes, it had
been left blank!

PCdoorguard 3 virus scanner identified a
virus, "f*ck door server", but provides little
useful information other than pointing to
\windows\system\setdefed.exe which is 24,576 bytes.

Thanks,
Charles Polisher

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

• Previous message: Pierre Vandevenne: ""webmoney" trojan and COM interface analysis"
• Next in thread: dreamwvr@dreamwvr.com: "Re: Trojan attacking our switches"
• Reply: dreamwvr@dreamwvr.com: "Re: Trojan attacking our switches"
• Reply: Mike Hoskins: "Re: Trojan attacking our switches"
• Reply: Kris Saw: "Re: Trojan attacking our switches"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]