---

Computerworld: Security experts search for ‘Moof’

“For several months, Zepp had tracked someone who had been
trashing servers at Internet providers and colleges in the U.S.,
Canada and England. All he had to go on was the hacker’s alias,
Moof, who showed up in the /etc/passwd files on Linux machines just
before wiping out the file directories and rendering those machines
unusable.

“The attack is delivered in a one-two punch, said Mark Wood,
product line manager at Internet Security Systems Inc. (ISS) in
Atlanta.

“It’s the first punch — the sneaky way the cracker gets in —
that network managers need to watch out for. The attacker finds
ports to vulnerable services using a “slow port scan,” in which a
single packet is delivered to a different port about every three
hours. A slow port scan flies beneath any intrusion-detection
tool’s radar, making it nearly impossible to catch.”

Complete
story
.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis