Stumbler mapping networks for future attacks

Thursday, 26 June 2003, 2:28 PM EST

The recently discovered Stumbler network-mapping tool represents a variety of malware that leaves enterprises with little in the way of defense, other than to lock down networks and employ intrusion detection, experts said.

At first, some researchers considered Stumbler a Trojan horse program, but Neel Mehta, a research engineer with Atlanta-based Internet Security Systems Inc.'s X-Force research team, isn't so sure. "It's hard to characterize," he said, noting that Stumbler doesn't enable unauthorized access like a Trojan does.

Stumbler doesn't fit cleanly into a line of the malware family tree. It can be best described as a distributed network-mapping program, Mehta said. It uses a TCP SYN probe with a window size of 55808 to explore networks. Stumbler spoofs its source IP address to cloak where the probe originated.

Stumbler's job is to probe networks for open ports on hosts and firewalls. This information can then be used by the author to attack vulnerable systems. Its reconnaissance scanning is done randomly; it's not targeted at specific companies or sectors, Mehta said.

[ Read more ]




Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //