Honeyd Mailing List: Announce: kuang2.pl (honeyd script)

From: Klaus Steding-Jessen <jessen_at_nic.br>
Date: Mon, 7 Jun 2004 20:21:45 -0300

[from the README]

Description

   kuang2.pl is a Honeyd module that emulates the backdoor installed
   by the Kuang2 virus. It saves uploaded files and also logs
   attempts to use Kuang2 backdoor commands, like file download,
   execution, deletion, etc.

Availability

The latest version of kuang2.pl is available from
http://www.honeynet.org.br/tools/

Additional information

   Nowadays several bots and other malware are using existing Kuang2
   infected machines to spread. Being able to capture these uploaded
   files is a good way to get new specimens to study as well as
   keeping AV vendors up to date with their signatures. Additional
   information about Kuang2 and Spybots is available at:

* Virus Profile
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10213

* Internet Storm Center -- port 17300/tcp details
http://isc.incidents.org/port_details.html?port=17300

* Milkit: An Innovator of Old Technology
http://www.lurhq.com/sig-milkit.html

* Worm.P2P.SpyBot
http://www.viruslist.com/eng/viruslist.html?id=60639

Have fun,
Klaus.
Received on Mon Jun 07 2004 - 21:15:19 PDT

Honeyd Resources

Honeyd Research

Honeypot Resources

Honeypot Books

Happy Hacking

Support Honeyd

Search Amazon

Announce: kuang2.pl (honeyd script)