|
Security Incidents
mailing list archives
Re: Unusual volume: UDP:137 probes
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 01 Oct 2002 09:18:50 +1200
John Sage <jsage () finchhaven com> wrote:
This has received some mention on the UNISOG list and elsewhere, but
not here.
Some people have been seeing unusually high volumes of UDP:137
probes since about 09/27/02 late, or early 09/28/02.
<<snip>>
There is a new network crawler that spreads via SMB, using its own
code rather than depending on MPR.DLL.
I hesitate to name it for, as so often happens, various AV developers
have rushed out detection without talking to each other and come up
with several different names. A debate to settle the official name is
ongoing as I write, but check your favourite AV vendor's news or
"encyclopedia" pages for the newest entries.
Ohhh -- and this is _not_ Win32/BugBear.A () mm which was also new this
morning and seems to have found some legs...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
| 
Intro
