From: "Joe Barr" 


http://www.informationweek.com/story/showArticle.jhtml?articleID=10700645


There's a new security threat out on the Internet, but it's not clear how
much of a threat it really is. Security researchers at Internet Security
Systems say they've captured the code for a sneaky new Trojan application
that has installed itself on an unknown number of Internet-connected
servers and is attempting to scan and map networks connected to the
Internet and send that information back to its controller.

Dan Ingevaldson, team leader for Internet Security Systems' X-Force R&D
unit, says researchers are studying the Trojan--currently dubbed 55808 for
its Windows size--which has been causing confusion for about a month in
security circles. Security experts managed to capture their first copy of
the Trojan on Wednesday, and they're still working to determine exactly
what the Trojan is trying to accomplish.

One thing is clear: Trojan 55808 is sneakier than previous Trojan horses.
It doesn't self-propagate, like a virus or a worm, and requires the
attacker to plant it on systems. But it does transmit a lot of network
noise designed to throw off cybersleuths attempting to find the IP
addresses of infected systems, as well as the address of the Trojan's
writer or controller.

--

--- BBBS/NT v4.01 Flag-4