Vulnerability Name: | CVE-1999-0660 (CCN-465) | ||||||
Assigned: | 1996-12-01 | ||||||
Published: | 1996-12-01 | ||||||
Updated: | 2008-08-01 | ||||||
Summary: | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. It might be more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc." | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: XF Type: UNKNOWN passwd-troj(465) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-1218) | ||||||
Assigned: | 1998-08-03 | ||||||
Published: | 1998-08-03 | ||||||
Updated: | 1998-08-03 | ||||||
Summary: | The Back Orifice backdoor could allow an attacker to gain complete access. With the Back Orifice backdoor, an attacker can obtain total control of the system without the knowledge or consent of the victim. | ||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) | ||||||
CVSS v2 Severity: | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) | ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Cult of the Dead Cow (cDc) Web site cDc Home Page Source: CCN Type: Internet Security Systems Security Alert #05 Cult of the Dead Cow Back Orifice Backdoor Source: CCN Type: Internet Security Systems Security Alert #08 Windows Backdoors Update Source: XF Type: UNKNOWN win95-back-orifice(1218) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-1839) | ||||||
Assigned: | 1999-02-27 | ||||||
Published: | 1999-02-27 | ||||||
Updated: | 1999-02-27 | ||||||
Summary: | 'Rootkit' is a popular package for intruders to gain root access and install a backdoor on systems. Rootkit is often installed with the default passwords intact. These passwords allow immediate root access to the system on which this login backdoor was placed. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: CERT Computer Emergency Response Team Recovering from an Incident Source: XF Type: UNKNOWN rootkit-login-backdoor(1839) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-1840) | ||||||
Assigned: | 1999-02-27 | ||||||
Published: | 1999-02-27 | ||||||
Updated: | 1999-02-27 | ||||||
Summary: | Hidesource is a popular backdoor for intruders to gain root access and install a backdoor on systems. This particular software was designed for Solaris and SunOS systems, but could possibly have been ported to other operating systems. Hidesource is often installed with the default passwords intact. These passwords allow immediate root access to the system on which this login backdoor was placed. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: CERT Computer Emergency Response Team Recovering from an Incident Source: XF Type: UNKNOWN hidesource-login-backdoor(1840) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-2178) | ||||||
Assigned: | 1999-05-12 | ||||||
Published: | 1999-05-12 | ||||||
Updated: | 1999-05-12 | ||||||
Summary: | The PBBSER backdoor (a Unix-based backdoor written by PBBSER) is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the PBBSER backdoor, an attacker can do the following:
- add a UID 0 account to the host's passwd file
- display a pre-defined message to all the users on the system | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: XF Type: UNKNOWN backdoor-pbbser(2178) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-2343) | ||||||
Assigned: | 1999-07-10 | ||||||
Published: | 1999-07-10 | ||||||
Updated: | 1999-07-10 | ||||||
Summary: | Back Orifice 2000 is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. Back Orifice 2000 allows remote operation of infected Windows 95/98 and Windows NT computers. With the Back Orifice 2000 backdoor, an attacker can do the following:
- gather information about your network
- perform system commands
- reconfigure computers on your network
- redirect network traffic | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: Cult of the Dead Cow (cDc) Web site Back Orifice 2000 Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Trend Micro Security Alert Back Orifice 2000 Source: CCN Type: Internet Security Systems Security Alert #31 Back Orifice 2000 Source: CCN Type: Microsoft Security Bulletin What Customers Should Know About 'BackOrifice 2000' Source: CCN Type: Symantec AntiVirus Research Center BackOrifice2K.Trojan Source: XF Type: UNKNOWN backdoor-bo2k(2343) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-3118) | ||||||
Assigned: | 1999-03-01 | ||||||
Published: | 1999-03-01 | ||||||
Updated: | 1999-03-01 | ||||||
Summary: | The Schwindler backdoor is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the Schwindler backdoor, an attacker can do the following:
- access files on your hard drive
- capture your keystrokes
- retrieve passwords stored on your computer | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: PestPatrol Web site Schwindler 1.82 Source: XF Type: UNKNOWN backdoor-schwindler(3118) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-3119) | ||||||
Assigned: | 1999-04-01 | ||||||
Published: | 1999-04-01 | ||||||
Updated: | 1999-04-01 | ||||||
Summary: | Progenic is a backdoor Trojan affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 11223, to allow the client system to connect. Progenic could allow a remote attacker to gain unauthorized access to the system.
With the Progenic Trojan backdoor, an attacker can do the following:
- retrieve user passwords
- open and close your CD-ROM drive
- restart or shut down your computer
- log your keystrokes
- interact with Mirabilis' ICQ chat system, if it is installed on your computer | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: G-Lock Software Web site Progenic trojan Source: CCN Type: Linnet Solutions Ltd Web site TCP/UDP Port Numbers Source: XF Type: UNKNOWN backdoor-progenic(3119) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-3161) | ||||||
Assigned: | 1998-04-01 | ||||||
Published: | 1998-04-01 | ||||||
Updated: | 1998-04-01 | ||||||
Summary: | The Ultors backdoor is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the Ultors backdoor, an attacker can do the following:
- view and delete files and directories
- execute programs
- shut down your computer
- display error messages | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: G-Lock Software Web site Ultors Trojan Source: XF Type: UNKNOWN backdoor-ultors(3161) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-3222) | ||||||
Assigned: | 1999-06-01 | ||||||
Published: | 1999-06-01 | ||||||
Updated: | 1999-06-01 | ||||||
Summary: | The BackConstruction backdoor, also known as Back Construction, Nightmare.B and Backdoor.Nightmare.B, is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the BackConstruction backdoor, an attacker can create, retrieve, and manipulate files using a built-in FTP server. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: TL Security Web site TL Security Source: CCN Type: Simovits Web site Back Construction Source: XF Type: UNKNOWN backdoor-backconstruction(3222) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-3259) | ||||||
Assigned: | 1999-09-24 | ||||||
Published: | 1999-09-24 | ||||||
Updated: | 1999-09-24 | ||||||
Summary: | The NetBus Pro backdoor is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the NetBus Pro backdoor, an attacker can do the following:
- find cached passwords
- execute full control over all windows
- capture video from a video input device
- schedule scripts to run on specified hosts at a certain time | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Internet Security Systems Security Alert #20 Windows Backdoors Update II: Net Bus 2.0 Pro, Caligula, and Picture.exe Source: CCN Type: UltraAccess Networks, Inc. Web site NetBus home page Source: XF Type: UNKNOWN win-netbus-pro-installed(3259) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-3340) | ||||||
Assigned: | 2001-09-01 | ||||||
Published: | 2001-09-01 | ||||||
Updated: | 2001-09-01 | ||||||
Summary: | Cow backdoor, also known as Trojan Cow and Backdoor.Cow, is a backdoor Trojan written in Delphi affecting Microsoft Windows operating systems. The backdoor uses a client/server relationship, where the server component is installed in the victim's system and the remote attacker has control of the client. The server attempts to open a port, typically TCP port 2001, to allow the client system to connect. Trojan Cow backdoor could allow a remote attacker to gain unauthorized access to the system. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: PestPatrol Web site Trojan Cow Source: CCN Type: Hacker's Web site Atomic 99 - The Trojan Cow Source: XF Type: UNKNOWN backdoor-cow(3340) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-4144) | ||||||
Assigned: | 1998-09-01 | ||||||
Published: | 1998-09-01 | ||||||
Updated: | 1998-09-01 | ||||||
Summary: | The Devil backdoor is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the Devil backdoor, an attacker can:
- open and close your CD-ROM drive door
- perform application bombs (an application is executed so many times that it floods the screen)
- make your computer's speaker beep
- stop ICQ if it is running
- restart your computer | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Simovits Consulting Web site Devil Source: XF Type: UNKNOWN backdoor-devil13(4144) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-4496) | ||||||
Assigned: | 2000-05-21 | ||||||
Published: | 2000-05-21 | ||||||
Updated: | 2000-05-21 | ||||||
Summary: | The Y3K backdoor is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. With the Y3K backdoor, an attacker can:
- shut down your computer
- log your keystrokes
- access files on your computer | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Dark-e.com Web site Y3K RAT (1.0) (and other versions) Source: CCN Type: Symantec Security Response Web site Backdoor.Y3KRat.12 Source: XF Type: UNKNOWN backdoor-y3k-rat(4496) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-5086) | ||||||
Assigned: | 2000-08-10 | ||||||
Published: | 2000-08-10 | ||||||
Updated: | 2000-08-10 | ||||||
Summary: | The Qaz backdoor is one of many backdoor programs for Microsoft Windows operating systems that attackers can use to access your computer without your knowledge or consent. With the Qaz backdoor, an attacker can upload other backdoors or malicious files that could further compromise your system.
Once installed on a system, the Qaz backdoor creates a server on TCP port 7597 and awaits commands from a remote client. For every infected computer, the Qaz backdoor sends to a remote attacker a notification message containing the IP address of the infected computer. The Qaz backdoor also acts as a worm by connecting to hosts in the Network Neighborhood and attempting to infect local copies of Notepad.exe with an infected version (renaming the original Notepad.exe file to Note.com). This method of infection only works on hosts that have Full Access privileges on their shared Windows system directory. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Trend Micro Virus Encyclopedia TROJ_QAZ.A Source: CCN Type: F-Secure Virus Definitions Qaz Source: CCN Type: Symantec Security Response W32.HLLW.Qaz.A Source: XF Type: UNKNOWN backdoor-qaz(5086) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-5179) | ||||||
Assigned: | 2000-08-28 | ||||||
Published: | 2000-08-28 | ||||||
Updated: | 2000-08-28 | ||||||
Summary: | A backdoor program that is associated with the Trinity distributed denial of service (DDoS) tool listens on TCP port 33270 (by default), awaiting an attacker's connection. Once connected, the attacker can issue a preconfigured password to open a shell running with root uid privileges. This backdoor has been observed running on many hosts infected with the Trinity DDoS agent. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: CIAC Information Bulletin K-072 New Variants of Trinity and Stacheldraht DDoS Source: CCN Type: Internet Security Systems Security Alert #59 Trinity v3 Distributed Denial of Service tool Source: CCN Type: National Infrastructure Protection Center 00-055 "Trinity v3/ Stacheldraht 1.666" Distributed Denial of Service Tool Source: CCN Type: National Infrastructure Protection Center 00-063 "New Year's DDoS Advisory" Source: XF Type: UNKNOWN backdoor-uucico-bindshell(5179) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-5256) | ||||||
Assigned: | 2000-09-06 | ||||||
Published: | 2000-09-06 | ||||||
Updated: | 2000-09-06 | ||||||
Summary: | Trinity is a distributed denial of service tool for Linux that is controlled by IRC (Internet Relay Chat). The Trinity agent connects to an Undernet IRC server and waits for commands to be sent to the channel. Trinity can perform 8 different types of floods: UDP flood, Fragment flood, SYN flood, RST flood, random flags flood, ACK flood, establish flood, and null flood. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Denial of Service | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: MITRE Type: CNA CVE-2000-0138 Source: CCN Type: CIAC Information Bulletin K-072 New Variants of Trinity and Stacheldraht DDoS Source: CCN Type: Internet Security Systems Security Alert #59 Trinity v3 Distributed Denial of Service tool Source: CCN Type: National Infrastructure Protection Center 00-055 "Trinity v3/ Stacheldraht 1.666" Distributed Denial of Service Tool Source: XF Type: UNKNOWN irc-trinity(5256) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-5349) | ||||||
Assigned: | 2000-10-09 | ||||||
Published: | 2000-10-09 | ||||||
Updated: | 2000-10-09 | ||||||
Summary: | The SubSeven DEFCON8 2.1 backdoor is an updated version of the SubSeven backdoor. Similar to previously released versions of the SubSeven backdoor, the SubSeven DEFCON8 2.1 backdoor notifies an attacker when it has been installed on a system and allows the attacker to obtain cached passwords, play audio files, view a Webcam, and capture images of your screen.
The SubSeven DEFCON8 2.1 backdoor has been distributed with file names such as "SexxxyMovie.mpeg.exe" on Usenet newsgroups. Each installation of the backdoor server is configured to use a random file name. Once installed, the backdoor server joins an IRC (Internet Relay Chat) channel on irc.icq.com to notify the attacker that a system has been infected and (unlike other SubSeven versions) listens on port 16959 for client connections. Once connected to port 16959, the server displays "PWD" and prompts for a password. The password for the SubSeven DEFCON8 2.1 backdoor server is "acidphreak". A successful client login will return a banner similar to the following text: "connected. 14:43.41 - October 6, 2000, Friday, version: DEFCON8 2.1". This version of SubSeven only works on Windows 95 and Windows 98. Most of the computers infected to date appear to be home computers using high-speed cable modem or DSL connections. More information on previous versions of the SubSeven backdoor is available from Internet Security Systems Security Advisory #30. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: MITRE Type: CNA CVE-2000-0138 Source: CCN Type: Internet Security Systems Security Alert #30 Windows Backdoor Update III Source: CCN Type: Internet Security Systems Security Alert #65 Widespread incidents of SubSeven DEFCON8 2.1 Backdoor Source: CCN Type: National Infrastructure Protection Center Advisory 00-056 "SubSeven DEFCON8 2.1 Backdoor" Trojan Source: CCN Type: National Infrastructure Protection Center Advisory 00-063 "New Year's DDoS Advisory" Source: XF Type: UNKNOWN backdoor-subseven-defcon8(5349) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-6150) | ||||||
Assigned: | 2001-02-24 | ||||||
Published: | 2001-02-24 | ||||||
Updated: | 2001-02-24 | ||||||
Summary: | The NetDemon backdoor is one of many backdoor programs that attackers can use to access your computer without your knowledge or consent. Once a system is infected, the backdoor places a server on TCP port 15000 (or an arbitrary port configured by the attacker), which allows a remote client to connect to your computer. With the NetDemon backdoor, an attacker can:
- Shut down the system
- Manipulate the current Windows session
- Upload and download files to and from your computer | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: XF Type: UNKNOWN backdoor-netdemon(6150) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-6544) | ||||||
Assigned: | 2001-01-18 | ||||||
Published: | 2001-01-18 | ||||||
Updated: | 2001-01-18 | ||||||
Summary: | A self-propagating worm known as Ramen is currently exploiting well-known holes in unpatched Red Hat Linux 6.2 systems and in early versions of Red Hat 7.0. In addition to scanning for additional systems and propagating to vulnerable systems, the worm also defaces Web servers it encounters by replacing the index.html file. It may also interfere with some networks supporting multicasting.
Ramen is currently known to attack Red Hat systems running vulnerable versions of wu-ftp, rpc.statd, and LPRng. New exploits can be added to the existing worm to expand its capabilities. Ramen combines several known exploits and tools using a set of scripts. The initial attack starts with a scan for port 21 (FTP) and the retrieval of any FTP banners for any FTP services it encounters. The script uses this information to determine if it has contacted a system that may be vulnerable to one of its packaged exploits. Currently, Ramen uses the date encountered in the FTP banner of the system being scanned. If a vulnerable system is detected, the worm starts a propagation script based on what vulnerability is likely to be present. The propagation scripts and exploits run in parallel with the scanning process.
Using one of the exploitable services, Ramen executes a command on the target system that creates a working directory for itself, "/usr/src/.poop". Ramen then requests a copy of itself, ramen.tgz, from the attacking system using the Lynx Web browser and the Web-like service it installs on compromised systems. When installed on the new system, Ramen attempts to set up a very limited Web-like service on port 27374 to provide for further distribution of the Ramen package. The service uses port 27374 to provide a copy of the ramen.tgz package to any connection with any request on that port.
Ramen searches the entire system, including any remotely mounted file systems, and replaces any file named "index.html" with a copy of its own page. This not only defaces any Web site that it encounters, but also corrupts HTML-based documentation files and possible working files in personal directories. Email messages are sent to two accounts, gb31337@hotmail.com and gb31337@yahoo.com, from compromised systems. Owners of the systems where the two addresses were hosted have been notified.
Ramen disables existing FTP services (in inetd on Red Hat 6.2 or in xinetd on Red Hat 7.0) and disables rpc.statd. This action may be to prevent any attempts to re-infect the systems with additional copies of the worm. Ramen continues to propagate by using the newly compromised system to scan Class B (/16) wide address spaces, searching for port 21 (FTP) and looking for new vulnerable hosts. On networks and ISPs supporting multicasting, the SYN scanning performed by Ramen can disrupt network traffic when scanning the multicast network range. Ramen is driven by scripts that can be easily modified to attack other versions of Linux or other Unix systems. The exploits included with Ramen are known to work against other versions of these systems, even though Ramen itself is not keyed to trigger on them. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: CERT Incident Note IN-2001-01 Widespread Compromises via "ramen" Toolkit Source: CCN Type: CIAC Information Bulletin L-040 The Ramen Worm Source: CCN Type: Internet Security Systems Security Alert #71 Ramen Linux Worm Propagation Source: XF Type: UNKNOWN ramen-linux-worm-propagation(6544) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-6550) | ||||||
Assigned: | 2001-03-12 | ||||||
Published: | 2001-03-12 | ||||||
Updated: | 2001-03-12 | ||||||
Summary: | SubSeven 2.2 backdoor is an updated version of the SubSeven backdoor. SubSeven is a powerful backdoor program, and is the most popular backdoor used against Windows systems. SubSeven allows an attacker to shut down or restart a computer, retrieve most saved and cached passwords, modify the system registry, and upload, download, and delete files from a system.
This new version, 2.2, has been updated with features that make it easier for a malicious user to access your computer system without your knowledge or consent. New functionality in SubSeven 2.2 includes:
- SOCKS4/SOCKS5 Proxy Support
- Packet Sniffer
- Ability to Listen on a Random Port
- Expanded Notification Capability
- Ability to E-mail Keystroke Logs
- Modular Design and SDK
More information on previous versions of the SubSeven backdoor is available from Internet Security Systems Security Advisories #30 and #65. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: MITRE Type: CNA CVE-2000-0138 Source: CCN Type: Internet Security Systems Security Alert #30 Windows Backdoor Update III Source: CCN Type: Internet Security Systems Security Alert #65 Widespread incidents of SubSeven DEFCON8 2.1 Backdoor Source: CCN Type: Internet Security Systems Security Alert #73 A New Version of the SubSeven Backdoor Source: XF Type: UNKNOWN backdoor-subseven-update(6550) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-6679) | ||||||
Assigned: | 2001-03-23 | ||||||
Published: | 2001-03-23 | ||||||
Updated: | 2001-03-23 | ||||||
Summary: | The Lion (or L10n) worm is an Internet worm that targets Linux systems using certain versions of the BIND software for DNS (Domain Name System) servers. Once the Lion worm infects a system, it sends out an email containing sensitive system information, modifies system files, installs tools to assist in further attacks, and searches the Internet for other vulnerable hosts. Infected hosts can be used in large scale distributed denial of service (DDOS) attacks. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: McAfee Virus Profile Linux/Lion.worm Source: CCN Type: CIAC Information Bulletin L-064 The Lion Internet Worm DDOS Risk Source: CCN Type: National Infrastructure Protection Center Advisory 01-005 "Lion Internet Worm" DDOS Targeting Unix Systems Source: CCN Type: National Infrastructure Protection Center Advisory 01-009 "Increased Internet Attacks Against U.S. Web Sites and Mail Servers Possible in Early May" Source: CCN Type: SANS Information Security Reading Room The Lion Worm: King of the Jungle? Source: CCN Type: SANS/Global Internet Analysis Center Lion Worm Source: XF Type: UNKNOWN lion-linux-worm(6679) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-6992) | ||||||
Assigned: | 2001-08-06 | ||||||
Published: | 2001-08-06 | ||||||
Updated: | 2001-08-06 | ||||||
Summary: | The Code Red II backdoor, configured on systems infected by the Code Red II worm, is one of many backdoors attackers can use to access your computer system without your knowledge or consent. With the Code Red II backdoor, an attacker can access the victim system through a URL and execute arbitrary commands.
For additional information regarding the "Code Red II" worm, refer to Internet Security Systems Security Alert #90. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: MITRE Type: CNA CVE-2001-0500 Source: CCN Type: CERT Incident Note IN-2001-09 "Code Red II:" Another Worm Exploiting Buffer Overflow In IIS Indexing Service DLL Source: CCN Type: CIAC Information Bulletin L-117 The Code Red Worm Source: CCN Type: CIAC Information Bulletin L-132 Microsoft Cumulative Patch for IIS Source: CCN Type: Internet Security Systems Security Alert #90 Resurgence of "Code Red" Worm Derivatives Source: CCN Type: Microsoft Security Bulletin MS01-033 Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733) Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696) Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114) Source: CCN Type: Microsoft TechNet Web site Information on the Code Red II worm Source: CCN Type: National Infrastructure Protection Center Advisory 01-017 "Code Red II" Source: CCN Type: BID-2880 MS Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability Source: XF Type: UNKNOWN backdoor-codered2(6992) Source: CCN Type: Rapid7 Vulnerability and Exploit Database MS01-033 Microsoft IIS 5.0 IDQ Path Overflow | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-7130) | ||||||
Assigned: | 2001-09-18 | ||||||
Published: | 2001-09-18 | ||||||
Updated: | 2001-09-18 | ||||||
Summary: | The Nimda worm is similar in functionality to the Code Red worm and its derivatives. The Nimda worm attempts to identify vulnerable Microsoft IIS servers by using several Unicode Web Folder Traversal vulnerability attack strings to probe for vulnerable IIS systems and deface them. Nimda can infect any Windows system and then propagate by emailing copies of itself to individuals in MAPI (Messaging Application Programming Interface) address books, or by identifying and infecting vulnerable IIS servers.
Nimda takes advantage of standard email distribution techniques to broaden the range of target hosts. Instead of only attacking Web servers with Web server vulnerabilities, Nimda is designed to also propagate using spoofed email. The email is spoofed to appear to have been sent by trusted sources. Nimda relies on extensive local propagation once a system is infected. It replaces '.dll', '.eml', '.nws' files on all shared drives. It also appends itself to all '.htm', '.html', and '.asp' files on the infected system. This also allows the worm to spread to remote users when they access Web pages on infected servers. For additional information regarding the "Nimda" worm, refer to Internet Security Systems Security Alert #97. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Other | ||||||
References: | Source: CCN Type: BugTraq Mailing List, Tue Sep 18 2001 - 19:49:43 CDT Nimda Worm Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: CERT Advisory CA-2001-26 Nimda Worm Source: CCN Type: CERT Coordination Center Steps for Recovering from a UNIX or NT System Compromise Source: CCN Type: CIAC Information Bulletin L-132 Microsoft Cumulative Patch for IIS Source: CCN Type: CIAC Information Bulletin L-144 The W32.nimda Worm Source: CCN Type: F-Secure Computer Virus Information Page Nimda Source: CCN Type: Internet Security Systems Security Alert #97 Aggressive Propagation of Nimda Worm Source: CCN Type: Microsoft Security Bulletin MS01-020 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Source: CCN Type: Microsoft Security Bulletin MS01-027 Flaws in Web Server Certificate Validation Could Enable Spoofing Source: CCN Type: Microsoft Security Bulletin MS01-044 15 August 2001 Cumulative Patch for IIS Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733) Source: CCN Type: Microsoft Security Bulletin MS02-062 Cumulative Patch for Internet Information Service (Q327696) Source: CCN Type: Microsoft Security Bulletin MS03-018 Cumulative Patch for Internet Information Service (811114) Source: CCN Type: Microsoft TechNet Information on the "Nimda" Worm Source: CCN Type: National Infrastructure Protection Center Advisory 01-022 "Mass Mailing Worm W32.Nimda.A@mm" Source: XF Type: UNKNOWN nimda-worm-propagation(7130) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-9022) | ||||||
Assigned: | 2002-04-27 | ||||||
Published: | 2002-04-27 | ||||||
Updated: | 2002-04-27 | ||||||
Summary: | The Intruzzo backdoor is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. The Intruzzo backdoor program allows a remote attacker to take control of an infected Windows computer and includes the ability to notify an attacker of successful infection over the ICQ instant messaging network. Once notified, the attacker can then use a special client that operates over TCP ports 22784, 1984 or 2418 to connect to the system and perform a number of functions, such as:
- communicate with the victim using message boxes and chat windows
- browse the file system
- manipulate system tasks and programs
- retrieve stored passwords
- shut the system down | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Trend Micro Virus Encyclopedia BKDR_INTRUZZO.A Source: XF Type: UNKNOWN backdoor-intruzzo(9022) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-9362) | ||||||
Assigned: | 2002-06-13 | ||||||
Published: | 2002-06-13 | ||||||
Updated: | 2002-06-13 | ||||||
Summary: | The Korean version of Microsoft Visual Studio .NET is shipped with Microsoft Application Center Test (ACT). One of the ACT Help files contains a Nimda-infected file. It may be possible for a malicious user with sufficient privileges to use this vulnerability to activate the virus. | ||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
CVSS v2 Severity: | 2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||
Vulnerability Consequences: | Other | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: BID-5012 Microsoft Visual Studio .NET Korean Version Nimda Infected File Vulnerability Source: XF Type: UNKNOWN vsnet-korean-nimda-file(9362) Source: CCN Type: Microsoft Technical Article Q323302 PRB: Inert Virus Found in Korean Language Version of Visual Studio .NET | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-10098) | ||||||
Assigned: | 2002-09-13 | ||||||
Published: | 2002-09-13 | ||||||
Updated: | 2002-09-13 | ||||||
Summary: | The Slapper worm has been detected on this system.
Slapper is a worm that exploits a previously disclosed vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process. The worm is a modified derivative of the Apache "Scalper" BSD worm. Current versions of the Slapper worm that are in the wild are targeting Linux servers running Apache with mod_ssl. The worm has distributed denial of service (DDoS) capabilities, as well as backdoor functionality. Refer to Internet Security Systems Security Alert, September 14, 2002 for more information. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Denial of Service | ||||||
References: | Source: CCN Type: BugTraq Mailing List, Thu Oct 03 2002 - 14:37:31 CDT Cisco Secure Content Accelerator vulnerable to SSL worm Source: CCN Type: Internet Security Systems Security Alert, September 14, 2002 "Slapper" OpenSSL/Apache Worm Propagation Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: CERT Advisory CA-2002-27 Apache/mod_ssl Worm Source: CCN Type: CIAC Information Bulletin M-125 Apache/mod_ssl Worm Source: XF Type: UNKNOWN slapper-worm(10098) Source: CCN Type: IBM Internet Security Systems X-Force Database OpenSSL SSL2 master key buffer overflow | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-10154) | ||||||
Assigned: | 2002-09-22 | ||||||
Published: | 2002-09-22 | ||||||
Updated: | 2002-09-22 | ||||||
Summary: | Slapper.B is a variant of the Slapper worm (Slapper.A) that exploits a previously disclosed vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process. The Slapper worm is a modified derivative of the Apache "Scalper" BSD worm. Current versions of the Slapper worm that are in the wild are targeting Linux servers running Apache with mod_ssl. The worm has distributed denial of service (DDoS) capabilities, as well as backdoor functionality.
Refer to Internet Security Systems Security Alert, September 22, 2002 for more information. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Denial of Service | ||||||
References: | Source: CCN Type: Internet Security Systems Security Alert, September 22, 2002 Propagation of "Slapper" OpenSSL/Apache Worm Variants Source: MITRE Type: CNA CVE-1999-0660 Source: XF Type: UNKNOWN slapper-worm-b(10154) Source: CCN Type: IBM Internet Security Systems X-Force Database OpenSSL SSL2 master key buffer overflow | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-10169) | ||||||
Assigned: | 2002-09-23 | ||||||
Published: | 2002-09-23 | ||||||
Updated: | 2002-09-23 | ||||||
Summary: | Slapper.C is a variant of the Slapper worm (Slapper.A) that exploits a previously disclosed vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process. The Slapper worm is a modified derivative of the Apache "Scalper" BSD worm. Current versions of the Slapper worm that are in the wild are targeting Linux servers running Apache with mod_ssl. The worm has distributed denial of service (DDoS) capabilities, as well as backdoor functionality.
Slapper.C has several viral characteristics not present in other Slapper variants:
- Locates any file on the file system that is executable and writable by its user ID. It then overwrites those files with copies of itself.
- Copies itself as .cinik to any directory owned by the user ID of the Web server.
- Uses crontab to add entries for every copy of itself that it creates on the file system. These crontab entries restart the process if it is killed or if the computer reboots.
- Creates a Peer-to-Peer (P2P) network of compromised hosts that communicate on UDP port 1978.
- Sends an email to cinik_worm@yahoo.com containing the IP address, CPU information, and memory information of the infected host.
Refer to Internet Security Systems Security Alert, September 22, 2002 for more information. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Denial of Service | ||||||
References: | Source: CCN Type: Internet Security Systems Security Alert, September 22, 2002 Propagation of "Slapper" OpenSSL/Apache Worm Variants Source: MITRE Type: CNA CVE-1999-0660 Source: XF Type: UNKNOWN slapper-worm-c(10169) Source: CCN Type: IBM Internet Security Systems X-Force Database OpenSSL SSL2 master key buffer overflow | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-10426) | ||||||
Assigned: | 2002-10-21 | ||||||
Published: | 2002-10-21 | ||||||
Updated: | 2002-10-21 | ||||||
Summary: | The fragrouter program, if downloaded from www.anzen.com on 18-Oct-2002 or 19-Oct-2002, could contain a backdoor that is installed as part of the configure script. One of the Web sites hosting this program (www.anzen.com) was compromised on or before 18-Oct-2002 and the fragrouter program was modified to include a Trojan Horse in the configure script. The modified version was placed on the Web site as fragrouter-1.7.tar.gz, although no versions of fragrouter have been released since version 1.6. This vulnerability could result in a complete system compromise for the affected users. | ||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: BugTraq Mailing List, Mon Oct 21 2002 - 08:31:21 CDT fragrouter trojan Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: BID-6022 Fragrouter Trojan Horse Vulnerability Source: XF Type: UNKNOWN fragrouter-backdoor(10426) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-10620) | ||||||
Assigned: | 2002-11-13 | ||||||
Published: | 2002-11-13 | ||||||
Updated: | 2002-11-13 | ||||||
Summary: | The libpcap and tcpdump tools, if downloaded from www.tcpdump.org or from libpcap and tcpdump mirrored FTP sites between 11-Nov-2002 and 13-Nov-2002, could cause a backdoor to be installed on victims' computers. One of the Web sites hosting these tools (www.tcpdump.org) was compromised on or before 11-Nov-2002 and the libpcap-0.7.1.tar.gz, tcpdump-3.6.2.tar.gz, and tcpdump-3.7.1.tar.gz files were modified to include a Trojan Horse. This could allow a remote attacker to gain access to systems that have installed the compromised libpcap and tcpdump distributions and execute commands on the system with privileges of the user who installed the affected packages. | ||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: BugTraq Mailing List, 2002-11-13 14:48:30 Latest libpcap & tcpdump sources from tcpdump.org contain a trojan Source: CCN Type: CERT Advisory CA-2002-30 Trojan Horse tcpdump and libpcap Distributions Source: CCN Type: CIAC Information Bulletin N-014 Trojan Horse tcpdump and libpcap Distributions Source: CCN Type: BID-6171 TCPDump / LIBPCap Trojan Horse Vulnerability Source: XF Type: UNKNOWN libpcap-tcpdump-backdoor(10620) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-10931) | ||||||
Assigned: | 2002-12-19 | ||||||
Published: | 2002-12-19 | ||||||
Updated: | 2002-12-19 | ||||||
Summary: | The Dynamic Trojan Horse Network (DTHN) Internet worm propagates through email and through open NetBIOS file shares. DTHN installs itself and establishes communication to a sophisticated peer-to-peer (P2P) communications network, to further spread infections and launch additional attacks. DTHN propagation can cause network congestion, automatically compromise victim systems, and configure a sophisticated network that can then be used for Distributed Denial of Service (DDoS) attacks. DTHN has the following capabilities:
- Mass emailing component
- DDoS component
- NetBIOS file share scanning component
- IRC flooding component
- Port redirection
- Port scanning
- Secure P2P communications network
Refer to Internet Security Systems Security Alert, December 26, 2002 for more information. See References. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: Internet Security Systems Security Alert, December 26, 2002 Dynamic Trojan Horse Network Hybrid Threat Propagation Source: MITRE Type: CNA CVE-1999-0660 Source: XF Type: UNKNOWN dthn-worm(10931) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-11808) | ||||||
Assigned: | 2003-04-13 | ||||||
Published: | 2003-04-13 | ||||||
Updated: | 2003-04-13 | ||||||
Summary: | BitchX, if downloaded between 12-Apr-2003 and 13-Apr-2003, could cause a backdoor to be installed on victims' computers. One of the FTP sites that was linked from the BitchX Web site was a false FTP site, and the BitchX IRC Client 1.0 c19 was modified to include a Trojan Horse. Once the Trojan Horse is executed, it attempts to connect to 207.178.61.5 on port 6667. This could allow a remote attacker to gain access to systems that have installed the compromised BitchX distributions and execute commands on the system with privileges of the user who installed the affected package. | ||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: BugTraq Mailing List, Sun Apr 13 2003 - 0:45:17 CST bitchx sources backdoored on distribution site Source: CCN Type: BugTraq Mailing List, Mon Apr 14 2003 - 20:03:21 CST Re: bitchx sources backdoored on distribution site Source: CCN Type: BugTraq Mailing List, Mon Apr 14 2003 - 20:17:26 CST bitchx sources trojaned - follow up Source: CCN Type: BugTraq Mailing List, Tues Apr 15 2003 - 1:44:36 CST BitchX trojan, the real follow up. Source: CCN Type: BitchX Web site BitchX Source: CCN Type: BID-7333 BitchX Trojan Horse Vulnerability Source: XF Type: UNKNOWN bitchx-backdoor(11808) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-13492) | ||||||
Assigned: | 2003-09-18 | ||||||
Published: | 2003-09-18 | ||||||
Updated: | 2003-09-18 | ||||||
Summary: | The Swen worm, also known as W32/Swen@mm or W32/Gibe-F, is a mass mailing worm that affects Windows systems. The worm takes advantage of the incorrect MIME header vulnerability in Internet Explorer. Swen uses its own SMTP mail application to propagate and attempts to shut down antivirus and personal firewalls running on the system. The worm can arrive in an email or travel using shared network paths or peer-to-peer (P2P) software, such as Kazaa and IRC. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Bypass Security | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: MITRE Type: CNA CVE-2001-0154 Source: CCN Type: CIAC Information Bulletin N-153 New Worms and Helpful Computer Users Source: CCN Type: Microsoft Security Bulletin MS01-020 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Source: CCN Type: Microsoft Security Bulletin MS01-027 Flaws in Web Server Certificate Validation Could Enable Spoofing Source: CCN Type: Sophos Virus Information W32/Gibe-F Source: XF Type: UNKNOWN swen-worm(13492) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-14884) | ||||||
Assigned: | 2004-01-20 | ||||||
Published: | 2004-01-20 | ||||||
Updated: | 2004-01-20 | ||||||
Summary: | The D13HH backdoor is a rootkit targeting Solaris systems. This rootkit will potentially allow a remote attacker to obtain Superuser (root) access to the system by using a commonly known password. A user login associated with the D13HH backdoor has been detected. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: Snort Home Page So what is Snort network security management? Source: XF Type: UNKNOWN d13hh-solaris-rootkit-login(14884) | ||||||
Vulnerability Name: | CVE-1999-0660 (CCN-14887) | ||||||
Assigned: | 2004-01-18 | ||||||
Published: | 2004-01-18 | ||||||
Updated: | 2004-01-18 | ||||||
Summary: | Bagle (also known as Beagle, W32/Bagle@MM, and W32.Beagle.A@mm) is a mass-mailing worm with the ability to access a remote Web site. Bagle uses an email to propagate, with the subject of "Hi" and the body of the message consisting of random characters as well as the phrases "Test =)" and "Test, yep."
Victims infect their system by opening the attached executable file, which has a random file name and is 15,872 bytes. If the local system date is later than January 28, 2004, the worm does nothing. Otherwise, the worm installs itself, harvests addresses from several file types, and mails itself using its own mail application. The sender's address is forged using harvested addresses acquired during infection. | ||||||
CVSS v3 Severity: | |||||||
CVSS v2 Severity: | |||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: MITRE Type: CNA CVE-1999-0660 Source: CCN Type: McAfee Virus Information Library W32/Bagle@MM Source: CCN Type: Sophos Virus Information W32/Bagle-A Source: CCN Type: Trend Micro Virus Encyclopedia WORM_BAGLE.A Source: CCN Type: Computer Associates Virus Information Center Win32.Bagle.A Source: XF Type: UNKNOWN bagle-worm(14887) | ||||||