Educause Security Discussion mailing list archives
info on the new worm ?
From: Jim Moore <jhmfa () CIS RIT EDU>
Date: Tue, 17 Dec 2002 10:27:39 -0500
I haven't seen much info on the new worm circulating except for this.

- - - - Begin Included message - - - -

All,

Over the weekend we detected and completed analysis of what appears to be a new Internet worm which we're calling IraqiWorm. This worm utilizes Windows Null Sessions against Windows 2000 and XP systems to enumerate user account names and group memberships..then it launches a simple brute force dictionary attack against all discovered user names.

We suspect the number of infected hosts is already in the thousands, and expect many more infections as there are many hosts poorly secured against this type of mechanized attack.

Full details are here:
http://www.mynetwatchman.com/kb/security/articles/iraqiworm/index.htm

Regards,

Lawrence Baldwin
Chief Forensics Officer
myNetWatchman.com
Atlanta, GA
+1.678.624.0924

- - - End included message - - - --

--
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Telephone: (585)475-5406
Fax: (585)475-7950
PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0DC9 963C D0C0

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
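A defender's view of the sequence described in the included message, as an added example that is not part of the original post: it flags a source that opens an anonymous (null) session and then fails logons against several distinct account names. The event tuples, field names, time window and threshold are constructed assumptions, not a real Windows log format.

```python
from datetime import datetime, timedelta

# Constructed sample events (assumed shape): (time, source address, kind, account).
# "anon_session" = anonymous (null) session opened; "logon_fail" = failed logon.
EVENTS = [
    ("2002-12-17 10:00:01", "192.0.2.10", "anon_session", ""),
    ("2002-12-17 10:00:03", "192.0.2.10", "logon_fail", "Administrator"),
    ("2002-12-17 10:00:04", "192.0.2.10", "logon_fail", "guest"),
    ("2002-12-17 10:00:05", "192.0.2.10", "logon_fail", "jsmith"),
    ("2002-12-17 10:00:06", "192.0.2.10", "logon_fail", "backup"),
    ("2002-12-17 10:25:00", "192.0.2.10", "logon_fail", "late"),    # outside window
    ("2002-12-17 10:01:00", "198.51.100.7", "logon_fail", "alice"),  # user mistyping,
    ("2002-12-17 10:01:09", "198.51.100.7", "logon_fail", "alice"),  # no null session
    ("2002-12-17 10:01:20", "198.51.100.7", "logon_fail", "alice"),
    ("2002-12-17 10:02:00", "203.0.113.5", "anon_session", ""),
    ("2002-12-17 10:02:05", "203.0.113.5", "logon_fail", "guest"),   # one account only
]


def find_enum_then_guess(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {source: sorted account names} for sources that opened an
    anonymous session and then failed logons against at least
    `min_accounts` distinct accounts within `window` of that session."""
    burst = {}    # source -> (session start time, set of accounts tried)
    flagged = {}
    for ts, src, kind, account in sorted(events):  # ISO timestamps sort by time
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if kind == "anon_session":
            start = burst[src][0] if src in burst else None
            if start is None or t - start > window:
                burst[src] = (t, set())            # start a new burst
        elif kind == "logon_fail" and src in burst:
            start, accounts = burst[src]
            if t - start <= window:
                accounts.add(account.lower())      # account names: case-insensitive
                if len(accounts) >= min_accounts:
                    flagged[src] = sorted(accounts)
    return flagged


if __name__ == "__main__":
    for src, accounts in find_enum_then_guess(EVENTS).items():
        print(src, "tried", len(accounts), "accounts:", ", ".join(accounts))
```

Counting distinct accounts per source, rather than total failures, is what separates this pattern from a single user repeatedly mistyping one password.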