Security Incidents mailing list archives

Re: Unusual volume: UDP:137 probes


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 01 Oct 2002 09:18:50 +1200

John Sage <jsage () finchhaven com> wrote:

> This has received some mention on the UNISOG list and elsewhere, but
> not here.
>
> Some people have been seeing unusually high volumes of UDP:137
> probes since about 09/27/02 late, or early 09/28/02.
<<snip>>

There is a new network crawler that spreads via SMB, using its own
code rather than depending on MPR.DLL.

I hesitate to name it for, as so often happens, various AV developers
have rushed out detection without talking to each other and come up
with several different names.  A debate to settle the official name is
ongoing as I write, but check your favourite AV vendor's news or
"encyclopedia" pages for the newest entries.

Ohhh -- and this is _not_ Win32/BugBear.A@mm which was also new this
morning and seems to have found some legs...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

