New nasty?
Thread Starter
Join Date: Sep 2002
Location: Chichester, UK
Posts: 1,650
Likes: 0
Received 0 Likes
on
0 Posts
New nasty?
Over the last couple of days, port 9898 on my firewall has started to take a hammering (nearly 500 hits last night). A bit of searching shows I'm not alone, with comments like
Any more info? I've seen this sort of thing before (e.g. a large number of 5554 scans with the Sasser worm), so I presume something is about to hit?
Probably a good time to make sure everything is up to date folks
Over the past couple of days there has been a large rise in port 9898 activity reported http://www.dshield.org/port_report.php?port=9898 . The Dabber worm (which rides in on the coattails of Sasser) opens a listener on port 9898, which is then probed by the attacking system to confirm its success. We're unaware of any "counter-counter" worm that is looking for Dabber backdoors, but I have seen a significant rise in scanning for it, as well.
Probably a good time to make sure everything is up to date folks
Join Date: Jan 2004
Location: Bracknell UK
Posts: 357
Likes: 0
Received 0 Likes
on
0 Posts
Hi Evo,
http://securityresponse.symantec.com....dabber.a.html
Discovered May 14th
and
http://securityresponse.symantec.com....dabber.b.html
Discovered June 4th
It's been out a while now, and the big AVs will certainly have it under control, so updating your NAV, AVG etc is all that is required. I'd definitely suggest for those that are either using out of date AVs, little known ones off of a magazine cover disc etc. or don't have one at all (GET ONE)to do an online virus check, just to be sure.
Cheers
Liam
http://securityresponse.symantec.com....dabber.a.html
Discovered May 14th
and
http://securityresponse.symantec.com....dabber.b.html
Discovered June 4th
It's been out a while now, and the big AVs will certainly have it under control, so updating your NAV, AVG etc is all that is required. I'd definitely suggest for those that are either using out of date AVs, little known ones off of a magazine cover disc etc. or don't have one at all (GET ONE)to do an online virus check, just to be sure.
Cheers
Liam
Last edited by E-Liam; 3rd Jul 2004 at 12:36.