検索:
ホーム   »     »   BOT That Scans for Vulnerable Cisco Routers

BOT That Scans for Vulnerable Cisco Routers

  • 投稿日:2005年11月3日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

A short write-up at the ISC
featured a bot worm that is reported to have the capability to scan
for vulnerable Cisco routers.


This bot was tagged by Symantec as
W32.Spybot.ZIF
last November 1, 2005 and the malware was
reported to “scan a specified network range for Cisco routers
that may have vulnerable Telnet or HTTP servers running and report
results back to IRC.
“


A cursory glance at the binary dump shows:


0003E600 0043E600 0 cisco23

0003E60A 0043E60A 0 Cisco Telnet

0003E640 0043E640 0 cisco80

0003E64A 0043E64A 0 Cisco HTTP

0003E7DA 0043E7DA 0 YZqbgff

0003E840 0043E840 0 [SCAN]: Exploit Statistics:

0003E85C 0043E85C 0 %s: %d,

0003E868 0043E868 0 Total: %d in %s.

0003E87C 0043E87C 0 [SCAN]: Current IP: %s.

0003E894 0043E894 0 [SCAN]: Scan not active.



Hmmm…


Trend Micro discovered and detected this malware as
WORM_RBOT.CMR
as early as October 14, 2005. What’s more, we’ve
acquired new Upack-repacked samples of the same malware that will
be detected under the same name of WORM_RBOT.CMR.


Needless to say, let’s be sure that we patch those vulnerable Cisco
routers, ok?


No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.