See this at:
isc.sans.org|
Added on 11/08/05
Update: During the upcoming SANS Webcast Internet Storm Center: Threat Update, Wednesday, November 09 at 1:00 PM EST (1800 UTC/GMT), Johannes Ullrich will discuss the Lupii worm and XML-RPC, be sure to catch this "defense discussion in depth" We are...
See more 
Update: During the upcoming SANS Webcast Internet Storm Center: Threat Update, Wednesday, November 09 at 1:00 PM EST (1800 UTC/GMT), Johannes Ullrich will discuss the Lupii worm and XML-RPC, be sure to catch this "defense discussion in depth" We are receiving reports of malware that's an apparent relative of the lupii worm. The reported variant is named "listen". Ivan Macalintal, Senior Threat Analyst, Trend Micro Inc., sent us the following information; "LISTEN has a size of 443,364 bytes, but basically it still does the same thing. MD5 Hashes (as compared with the previous LUPII variants): 5b1176a690feaa128bc83ad278b19ba8 *listen df0e169930103b504081aa1994be870d *lupii c9cd7949a358434bfdd8d8f002c7996b *lupii2 Trend has identified this variant as ELF_LUPPER.B, details of their analysis will be posted there shortly. Additional information on "listen" has been submitted us by a contributors who wishes to remain anonymous. "Listen" is retrieved from 24.224.2.174 and 24.224.174.18 Thanks... See less 
RSS: Get notified when there are updates to this page