Full Disclosure mailing list archives
Re: No one else seeing the new MS05-039 worm yet?
From: Willem Koenings <infsec () gmail com>
Date: Tue, 30 Aug 2005 17:27:40 +0300
Hi! On 8/30/05, Vic Vandal <vvandal () well com> wrote:
This has been going around since early Monday afternoon. Symantec and other AV vendors have had code since then, and no details STILL. I guess one can call it the Katrina worm until something better comes along.
Haven't seen the one you mentioning (care to share?), however the usual stuff like ssl.exe, mousebm.exe, runs.pif, ried.pif, wintbp.exe etc are still quite active as i found a lot of them in my honeypot so the attack vector is still high. W. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- No one else seeing the new MS05-039 worm yet? Vic Vandal (Aug 29)
- Re: No one else seeing the new MS05-039 worm yet? Morning Wood (Aug 30)
- Re: No one else seeing the new MS05-039 worm yet? Vic Vandal (Aug 30)
- Re: No one else seeing the new MS05-039 worm yet? Something Anonymous (Aug 30)
- Re: No one else seeing the new MS05-039 worm yet? Morning Wood (Aug 30)
- Re: No one else seeing the new MS05-039 worm yet? Willem Koenings (Aug 30)
- Re: No one else seeing the new MS05-039 worm yet? fd (Aug 30)
- <Possible follow-ups>
- Re: No one else seeing the new MS05-039 worm yet? Peter Ferrie (Aug 30)
- Re: No one else seeing the new MS05-039 worm yet? Morning Wood (Aug 30)