Wednesday I reported the publication of an exploit for the FTP service used by the Sasser worm. Now there's a new worm called Dabber exploiting the same vulnerability in Sasser's FTP service. Read each link for LURHQ's analysis of each worm.

If you've been seeing increased scans to ports 9898 and 5554 TCP, you'll know why after reading the advisories. Port 5554 TCP is the Sasser FTP server. Port 9898 is the Dabber back door.

Comments

Anonymous said…
Firewall for ever :)

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics