Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: New virus outbreak.

From: Danny <Danny () drexel edu>
Date: Mon, 10 Mar 2003 10:47:18 -0500
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jesse, it appears as though we where hit by this self propogating version of multidropper-fl.
 
http://vil.nai.com/vil/content/v_100124.htm 

" -- Update March 7, 2003 -- 
AVERT has received a new variant of this MultiDropper that tries to access other systems through Microsoft Networking, 
using the IPC$ share. AVERT has been not seen this work in our testing at this time. This new variant does not create 
the registry entry referenced below. "

Cheers
Danny
Network Security Engineer
Drexel University
PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
PGP Key: http://akasha.irt.drexel.edu/danny.asc
 

|->-----Original Message-----
|->From: Jesse W. Asher [mailto:jasher1 () tampabay rr com]
|->Sent: Sunday, March 09, 2003 8:06 AM
|->To: Danny
|->Cc: 'intrusions () incidents org'; 'incidents () securityfocus com'
|->Subject: Re: New virus outbreak.
|->
|->
|->Is there any more information on this?  Anyone else seen anything related
|->to this?  How many people have checked their networks over the weekend??
|->

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPmy0Vmb1zPz07fHgEQJLQgCgmH80d6w6kbTw+8WydcO973yuQpoAnA8k
LekbDyooH7dUshMA2o356guU
=gBWd
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>
Previous By Date Next
Previous By Thread Next

Current thread: