Re: bestfriends.scr AIM virus

[Jason Brooks <brooksje () LONGWOOD EDU>]

Do you know if this one has any other characteristics to watch for?  We
caught a dramatic increase in port 135 scans originating from the RESNET
this morning.  Before today, all was quiet, so I'm wondering if there might
be a connection.

Thanks,
Jason Brooks

Jason Brooks
Information Security Technician
Longwood University
201 High Street
Farmville, VA 23909
(434) 395-2034
mailto:brooksje () longwood edu

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Wilson
Sent: Friday, January 21, 2005 11:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] bestfriends.scr AIM virus

Be on the lookout for this one as we are seeing a lot of this.  There is
a snort rule for it.

If you notice traffic going to 81.91.66.220, you probably have infected
hosts.

There are several strains going around as we have had to update McAfee
3 times.

More info can be found at http://www.jayloden.com/BestFriends.htm

Mark Wilson
GCIA, CISSP #53153
Network Security Specialist
Auburn University
(334) 844-9347

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.