Security Incidents mailing list archives
Some brief details on new worm
From: "E. Larry Lidz" <ellidz () eridu uchicago edu>
Date: Tue, 18 Sep 2001 10:34:19 -0500
Okay, we've got some details from a quick glance at one of the infected machines. There's a directory: \Program Files\Common Files\msadc which has 4 files in it: root.exe, TFTP129, TFTP68, TFTP192. The last three look like they might be some sort of registry key. Going to the machine's website and looking for http://<ip>/msadc/TFTP68 should download the file. -Larry --- E. Larry Lidz Phone: (773)702-2208 Sr. Network Security Officer Fax: (773)702-0559 Network Security Center, The University of Chicago PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Some brief details on new worm E. Larry Lidz (Sep 18)