Educause Security Discussion mailing list archives
Re: info on the new worm ?
From: Gate <gate () USC EDU>
Date: Tue, 17 Dec 2002 23:05:45 -0800
IRAQ_WORM info: http://www.f-secure.com/v-descs/lioten.shtml USC Office of Information Assurance USC Center for Information Assurance Studies 3716 So. Hope Street, Suite 378 MC7707 Los Angeles, CA 90089-7707 213-743-4900 213-743-4909 Fax www.usc.edu/infosec ------------------------------ -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Jim Moore Sent: Tuesday, December 17, 2002 7:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] info on the new worm ? I haven't seen much info on the new worm circulating except for this. - - - - Begin Included message - - - - All, Over the weekend we detected and completed analysis of what appears to be a new Internet worm which we're calling IraqiWorm. This worm utilizes Windows Null Sessions against Windows 2000 and XP systems to enumerate user account names and group memberships..then it launches a simple brute force dictionary attack against all discovered user names. We suspect the number of infected hosts is already in the thousands, and expect many more infections as there are many hosts poorly secured against this type of mechanized attack. Full details are here: http://www.mynetwatchman.com/kb/security/articles/iraqiworm/index.htm Regards, Lawrence Baldwin Chief Forensics Officer myNetWatchman.com Atlanta, GA +1.678.624.0924 - - - End included message - - - -- -- Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Telephone: (585)475-5406 Fax: (585)475-7950 PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0DC9 963C D0C0 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- info on the new worm ? Jim Moore (Dec 17)
- <Possible follow-ups>
- Re: info on the new worm ? Crawford, Charles D (Dec 17)
- Re: info on the new worm ? Gate (Dec 17)