|
Full Disclosure
mailing list archives
another new worm submission
From: "Perrymon, Josh L." <PerrymonJ () bek com>
Date: Fri, 4 Jun 2004 14:11:26 -0500
http://www.detroit-x.com/analysis.htm
This is something we found this morning. I have packet captures that I will
post.
I have attached the infected files found with FPORT and also registry
entries.
We found this rebooting machines with the LSASS.exe error similar to Sasser.
As of 6/4/2004 we found no virus defs to pick it up.
Joshua Perrymon
Sr. Network Security Consultant
PGP Fingerprint
51B8 01AC E58B 9BFE D57D 8EF6 C0B2 DECF EC20 6021
**********CONFIDENTIALITY NOTICE**********
The information contained in this e-mail may be proprietary and/or
privileged and is intended for the sole use of the individual or
organization named above. If you are not the intended recipient or an
authorized representative of the intended recipient, any review, copying
or distribution of this e-mail and its attachments, if any, is prohibited.
If you have received this e-mail in error, please notify the sender
immediately by return e-mail and delete this message from your system.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- another new worm submission Perrymon, Josh L. (Jun 04)
|
Intro
