Security Incidents mailing list archives

Some brief details on new worm


From: "E. Larry Lidz" <ellidz () eridu uchicago edu>
Date: Tue, 18 Sep 2001 10:34:19 -0500


Okay, we've got some details from a quick glance at one of the infected
machines.

There's a directory:

\Program Files\Common Files\msadc

which has 4 files in it:

root.exe, TFTP129, TFTP68, TFTP192.

The last three look like they might be some sort of registry key.

Going to the machine's website and looking for http://<ip>/msadc/TFTP68
should download the file.

-Larry

---
E. Larry Lidz                                        Phone: (773)702-2208
Sr. Network Security Officer                         Fax:   (773)702-0559
Network Security Center, The University of Chicago
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
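
A triage check built from the indicators in the message above, added here as an example and not part of the original post. The `TFTP<digits>` pattern is an assumption generalised from the three file names reported, the function names are hypothetical, and the log lines are constructed.

```python
import hashlib
import re
from pathlib import Path

# Directory named in the post, relative to the system drive root.
MSADC_REL = Path("Program Files") / "Common Files" / "msadc"
# root.exe plus TFTP<digits>; the digit pattern is an assumption generalised
# from the three names in the post (TFTP129, TFTP68, TFTP192).
NAME_RE = re.compile(r"^(root\.exe|TFTP\d+)$", re.IGNORECASE)
# The same names as they would appear in a web server log, under /msadc/.
URL_RE = re.compile(r"/msadc/(root\.exe|TFTP\d+)(?=[\s?]|$)", re.IGNORECASE)

# Constructed sample log lines (documentation address range, not real data).
SAMPLE_LOG = [
    "2001-09-18 15:40:01 192.0.2.10 GET /msadc/TFTP68 200",
    "2001-09-18 15:40:05 192.0.2.10 GET /msadc/readme.htm 200",
    "2001-09-18 15:41:12 192.0.2.77 GET /MSADC/Root.exe 200",
]

def triage_msadc(drive_root):
    """List files in the msadc directory whose names match the post's indicators."""
    target = Path(drive_root) / MSADC_REL
    findings = []
    if not target.is_dir():
        return findings
    for entry in sorted(target.iterdir(), key=lambda p: p.name.lower()):
        if entry.is_file() and NAME_RE.match(entry.name):
            data = entry.read_bytes()
            findings.append({
                "name": entry.name,
                "path": str(entry),
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),  # record for evidence
            })
    return findings

def log_hits(lines):
    """Return log lines that request one of the indicator files under /msadc/."""
    return [ln for ln in lines if URL_RE.search(ln)]

if __name__ == "__main__":
    import sys
    for f in triage_msadc(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print(f"{f['sha256']}  {f['size']:>8}  {f['path']}")
    for ln in log_hits(SAMPLE_LOG):
        print("log hit:", ln)
```

Run it against a mounted image or a read-only copy of the drive rather than the live system where possible, so file timestamps are preserved.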
