Friday, May 14, 2004

Wednesday I reported the publication of an exploit for the FTP service used by the Sasser worm. Now there's a new worm called Dabber exploiting the same vulnerability in Sasser's FTP service. Read each link for LURHQ's analysis of each worm.

If you've been seeing increased scans to ports 9898 and 5554 TCP, you'll know why after reading the advisories. Port 5554 TCP is the Sasser FTP server. Port 9898 is the Dabber back door.

1 comment:

Serg said...

Firewall for ever :)