Educause Security Discussion mailing list archives
Re: bestfriends.scr AIM virus
From: Jason Richardson <A00JER2 () WPO CSO NIU EDU>
Date: Fri, 21 Jan 2005 17:44:38 -0600
Just blocked about 20 machines doing the same thing on our Res Net - all port 139.

---
Jason Richardson
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

brooksje () LONGWOOD EDU 1/21/2005 12:40:16 PM >>>

Correction: it was port 139. Started at 11:00 AM Eastern today.

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jason Brooks
Sent: Friday, January 21, 2005 1:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] bestfriends.scr AIM virus

Do you know if this one has any other characteristics to watch for? We caught a dramatic increase in port 135 scans originating from the RESNET this morning. Before today, all was quiet, so I'm wondering if there might be a connection.

Thanks,
Jason Brooks

Jason Brooks
Information Security Technician
Longwood University
201 High Street
Farmville, VA 23909
(434) 395-2034
mailto:brooksje () longwood edu

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mark Wilson
Sent: Friday, January 21, 2005 11:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] bestfriends.scr AIM virus

Be on the lookout for this one as we are seeing a lot of this. There is a snort rule for it. If you notice traffic going to 81.91.66.220, you probably have infected hosts. There are several strains going around as we have had to update McAfee 3 times.

More info can be found at http://www.jayloden.com/BestFriends.htm

Mark Wilson
GCIA, CISSP #53153
Network Security Specialist
Auburn University
(334) 844-9347

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- bestfriends.scr AIM virus Mark Wilson (Jan 21)
- <Possible follow-ups>
- Re: bestfriends.scr AIM virus Jason Brooks (Jan 21)
- Re: bestfriends.scr AIM virus Jason Brooks (Jan 21)
- Re: bestfriends.scr AIM virus Mark Wilson (Jan 21)
- Re: bestfriends.scr AIM virus Mark Wilson (Jan 21)
- Re: bestfriends.scr AIM virus Jason Richardson (Jan 21)
- Re: bestfriends.scr AIM virus Anderson, Brandie (Jan 21)
- Re: bestfriends.scr AIM virus Brock, Adam (Jan 22)
- Re: bestfriends.scr AIM virus RLVaughn (Jan 22)
- Re: bestfriends.scr AIM virus H. Morrow Long (Jan 22)
- Re: bestfriends.scr AIM virus Peter Moody (Jan 22)
- Re: bestfriends.scr AIM virus Cam Beasley, ISO (Jan 23)
- Re: bestfriends.scr AIM virus Cam Beasley, ISO (Jan 23)
- Re: bestfriends.scr AIM virus Jeff Kell (Jan 23)
- Re: bestfriends.scr AIM virus Jason Brooks (Jan 24)
- Re: bestfriends.scr AIM virus Jason Richardson (Jan 24)
(Thread continues...)