Security Incidents mailing list archives

Re: Increase in Source to Port 445

From: aladin168 <aladin168 () hotmail com>
Date: 3 Apr 2003 19:45:07 -0000

In-Reply-To: <F7B823B2B5C9544CACAB8B59DD6872B30114B47F () email macdirect com>

Although there are many Deloder worms causing port 445 traffic, the new 
worm, W32.HLLW.Cult.C@mm, may be the real cause of this.  Symantec has an 
analysis from 4/2/2003: 
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.c@mm.
html

/Kyle
Kyle Lai, CISSP, CISA
KLC Consulting, Inc.
klai () klcconsulting net
www.klcconsulting.net

From: Rob Keown <Keown () MACDIRECT COM>
To: incidents () securityfocus com
Subject: Increase in Source to Port 445
Date: Tue, 1 Apr 2003 21:54:58 -0500 
MIME-Version: 1.0

We are observing an increase in port 445 traffic from a much wider group

of

sources than what we have seen over the last few weeks.

Anyone else observing this?

Rob Keown


----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents

Current thread:

Increase in Source to Port 445 Rob Keown (Apr 02)
- RE: Increase in Source to Port 445 James C Slora Jr (Apr 03)
- <Possible follow-ups>
- Re: Increase in Source to Port 445 aladin168 (Apr 03)