Stumbler Mapping Networks For Future Attacks
Stumbler doesn't fit cleanly into a line of the malware family tree. It can be best described as a distributed network-mapping program, Mehta said. It uses a TCP SYN probe with a window size of 55808 to explore networks. Stumbler spoofs its source IP address to cloak where the probe originated.
Stumbler's job is to probe networks for open ports on hosts and firewalls. This information can then be used by the author to attack vulnerable systems. Its reconnaissance scanning is done randomly; it's not targeted at specific companies or sectors, Mehta said.
The link for this article located at SearchSecurity is no longer available.