From: "Rich" 

This is a multi-part message in MIME format.

------=_NextPart_000_0347_01C3372C.6DB6C890
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

   I didn't misunderstand the incorrect "Windows size" reference either. =
 For some reason Joe left out the portion of the quoted article that =
identified it as Linux specific which would have made it clear.

Rich

  "Syscotek"  wrote in message =
news:3ef35f79$1{at}w3.nls.net...
  Gee Rich...he posted this in linuxhelp.  I didn't mis-read the =
"windows"
  reference in the article and I doubt that anyone who frequents this
  newsgroup did either (well...maybe the one person who I've =
kill-filed).

  (BTW, I wish you'd turn off the HTML in your news reader and avoid the
  excessive quotebacks in your msgs - but feel free to ignore my =
wishes).

  Cheers!

  "Rich"  wrote in message news:3ef32ec1{at}w3.nls.net...
     You forgot to include the following from the article

  The Trojan currently attacks Linux-based systems, Ingevaldson says, =
but it
  could easily be ported to other operating-system platforms. Many =
businesses
  use Linux as the operating system for their Web servers.

  Note the error in the reference to "its Windows size".  This is the =
TCP
  window size and nothing to do with Windows.  See
  http://www.gcn.com/vol1_no1/daily-updates/22371-1.html.

  Rich


  "Joe Barr"  wrote in message
  news:pan.2003.06.20.15.30.25.997885{at}austin.rr.com...

  =
http://www.informationweek.com/story/showArticle.jhtml?articleID=3D107006=
45


  There's a new security threat out on the Internet, but it's not clear =
how
  much of a threat it really is. Security researchers at Internet =
Security
  Systems say they've captured the code for a sneaky new Trojan =
application
  that has installed itself on an unknown number of Internet-connected
  servers and is attempting to scan and map networks connected to the
  Internet and send that information back to its controller.

  Dan Ingevaldson, team leader for Internet Security Systems' X-Force =
R&D
  unit, says researchers are studying the Trojan--currently dubbed 55808 =
for
  its Windows size--which has been causing confusion for about a month =
in
  security circles. Security experts managed to capture their first copy =
of
  the Trojan on Wednesday, and they're still working to determine =
exactly
  what the Trojan is trying to accomplish.

  One thing is clear: Trojan 55808 is sneakier than previous Trojan =
horses.
  It doesn't self-propagate, like a virus or a worm, and requires the
  attacker to plant it on systems. But it does transmit a lot of network
  noise designed to throw off cybersleuths attempting to find the IP
  addresses of infected systems, as well as the address of the Trojan's
  writer or controller.

  --


------=_NextPart_000_0347_01C3372C.6DB6C890
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable








   I didn't
misunderstand the =
incorrect=20
"Windows size" reference either.  For some
reason Joe left out = the=20
portion of the quoted article that identified it as Linux specific
= which=20
would have made it clear.
 
Rich
 

  "Syscotek" <steve{at}barkto.com>=20">mailto:steve{at}barkto.com">steve{at}barkto.com>=20
  wrote in message news:3ef35f79$1{at}w3.nls.net...Gee=20
  Rich...he posted this in linuxhelp.  I didn't mis-read the=20
  "windows"reference in the article and I doubt that anyone who =
frequents=20
  thisnewsgroup did either (well...maybe the one person who I've=20
  kill-filed).(BTW, I wish you'd turn off the HTML in your news =
reader=20
  and avoid theexcessive quotebacks in your msgs - but feel free to =
ignore=20
  my
wishes).Cheers!"Rich"
<{at}> wrote in message news:3ef32ec1{at}w3.nls.net...&nbs=
p; =20
  You forgot to include the following from the
articleThe Trojan =

  currently attacks Linux-based systems, Ingevaldson says, but =
itcould=20
  easily be ported to other operating-system platforms. Many =
businessesuse=20
  Linux as the operating system for their Web servers.Note the =
error in=20
  the reference to "its Windows size".  This is the
TCPwindow =
size and=20
  nothing to do with Windows.  Seehttp://ww" target="new">http://ww=">http://www.gcn.com/vol1_no1/daily-updates/22371-1.html">http://ww=
w.gcn.com/vol1_no1/daily-updates/22371-1.html.Rich"Joe=20
  Barr" <warthawg{at}austin.rr.com>">mailto:warthawg{at}austin.rr.com">warthawg{at}austin.rr.com>
=
wrote in=20
  messagenews:pan.2003.=
06.20.15.30.25.997885{at}austin.rr.com...http://www.informationweek.com/story/showArticle.jhtml?articleID=3D=
10700645">http://www.informationweek.com/story/showArticle.jhtml?articleI=
D=3D10700645There's=20
  a new security threat out on the Internet, but it's not clear =
howmuch of a=20
  threat it really is. Security researchers at Internet =
SecuritySystems say=20
  they've captured the code for a sneaky new Trojan applicationthat =
has=20
  installed itself on an unknown number of Internet-connectedservers =
and is=20
  attempting to scan and map networks connected to theInternet and =
send that=20
  information back to its controller.Dan Ingevaldson, team =
leader for=20
  Internet Security Systems' X-Force R&Dunit, says researchers =
are=20
  studying the Trojan--currently dubbed 55808 forits Windows =
size--which has=20
  been causing confusion for about a month insecurity circles. =
Security=20
  experts managed to capture their first copy ofthe Trojan on =
Wednesday, and=20
  they're still working to determine exactlywhat the Trojan is =
trying to=20
  accomplish.One thing is clear: Trojan 55808 is sneakier than =
previous=20
  Trojan horses.It doesn't self-propagate, like a virus or a worm, =
and=20
  requires theattacker to plant it on systems. But it does transmit =
a lot of=20
  networknoise designed to throw off cybersleuths attempting to find =
the=20
  IPaddresses of infected systems, as well as the address of the=20
  Trojan'swriter or =
controller.--

------=_NextPart_000_0347_01C3372C.6DB6C890--

--- BBBS/NT v4.01 Flag-4