Re: MS04-011 Worm Info from Symantec

[Scott Fendley <scottf () UARK EDU>]

If any of you have copies of the malware....Please submit them to the
Internet Storm Center (isc.sans.org).  There has been some questions about
wether there is really 2 variations of the worm...and the only way to tell
is to run some copies of hte malware in control environments, check
md5s..and similar tasks.  Thanks for anyone that can help out.


Scott Fendley
University of Arkansas

At 09:53 PM 5/1/2004, you wrote:
>    We are seeing quite a few Sasser infections too.
> We blocked a couple hundred PCs last evening and I suspect
> most of them were Sasser. McAfee also has info and raised
> the risk level to Medium for this worm (it is included in
> the v2.2.3 stinger). See http://vil.nai.com/vil/content/v_125007.htm
>
> Faigle, Chris wrote:
>
> > Symantec has sent out info regarding a worm targeting MS04-011:
> >
> > http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
> >
> > Regards,
> > Chris Faigle
> > IS Security
> > University of Richmond
> >
> > **********
> > Participation and subscription information for this EDUCAUSE Discussion
> > Group discussion list can be found at http://www.educause.edu/cg/.
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
> Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.