- Re: Port scans
- Posted by Gabriele Neukam on June 22nd, 2003
On that special day, Mark Space, (mark_space44@hotmail.com) said...
I don't know about the current one, but the first bugbear used the TCP
ports 135 and 139 (belonging to the netbios traffic, IIRC) to connect,
and if the right answer came back, tried to copy itself to the new
victim via port 445, using UDP.
The newer Bugbear uses similar methods to spread, and emails with double
extensions. To make it more difficult, it chooses subjects and
attachment names from files on the computer on which it resides.
Gabriele Neukam
Gabriele.Neukam@t-online.de
--
Ah, Information. A good, too valuable theses days, to give it away, just
so, at no cost.
Similar Posts
- Microsoft Port Scans (Security & Administration) by Notan
- Re: Port scans from China anyone else? (Computers & Technology) by Whiskers
- Port scans. What are these? (Computer Security) by kmtanner@cyberspace.org
- Port Scans (Internet & Broadband) by Franklin P Patchey
- Re: Port scans (Virus & Worms) by Mark Space
