Full Disclosure mailing list archives
spoolcll.exe - new worm being distributed via mysql vulnerability?
From: Mike Bailey <worried () gmail com>
Date: Thu, 27 Jan 2005 00:18:21 -0500
Aloha, Earlier tonight, i was sitting here at home doing some normal browsing, and work and my firewall alerted me that a program called spoolcll.exe was attempting to open up a port which i cannot remember now. i tried killing it, but it just came back, over and over again each time spawning itselfs on a new port. Registry says the worm created a service called "evmon", it cannot be paused or stopped, but it can be disabled. The only information about this worm on google is a discussion at the following url: http://forums.whirlpool.net.au/forum-replies.cfm?t=291921&p=1 they are beginning to determinthat it is being distributed via a hole in mysql. Do any of you know anything about this? Thanks in advance. -- Love, Mike Bailey _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- spoolcll.exe - new worm being distributed via mysql vulnerability? Mike Bailey (Jan 26)
- Re: spoolcll.exe - new worm being distributed via mysql vulnerability? Jeremy Davis (Jan 27)
- Re: spoolcll.exe - new worm being distributed via mysql vulnerability? stephane nasdrovisky (Jan 27)
- Re: spoolcll.exe - new worm being distributed via mysql vulnerability? Jeremy Davis (Jan 27)