|
Security Incidents
mailing list archives
RE: New virus outbreak.
From: Danny <Danny () drexel edu>
Date: Mon, 10 Mar 2003 10:47:18 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jesse, it appears as though we where hit by this self propogating version of multidropper-fl.
http://vil.nai.com/vil/content/v_100124.htm
" -- Update March 7, 2003 --
AVERT has received a new variant of this MultiDropper that tries to access other systems through Microsoft Networking,
using the IPC$ share. AVERT has been not seen this work in our testing at this time. This new variant does not create
the registry entry referenced below. "
Cheers
Danny
Network Security Engineer
Drexel University
PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
PGP Key: http://akasha.irt.drexel.edu/danny.asc
|->-----Original Message-----
|->From: Jesse W. Asher [mailto:jasher1 () tampabay rr com]
|->Sent: Sunday, March 09, 2003 8:06 AM
|->To: Danny
|->Cc: 'intrusions () incidents org'; 'incidents () securityfocus com'
|->Subject: Re: New virus outbreak.
|->
|->
|->Is there any more information on this? Anyone else seen anything related
|->to this? How many people have checked their networks over the weekend??
|->
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBPmy0Vmb1zPz07fHgEQJLQgCgmH80d6w6kbTw+8WydcO973yuQpoAnA8k
LekbDyooH7dUshMA2o356guU
=gBWd
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>
 By Date 
By Thread
Current thread:
|
Intro
