Full Disclosure mailing list archives
Re: New Worm in the wild
From: malware () t-online de (Michael Mueller)
Date: Tue, 19 Aug 2003 17:35:15 +0200
Hi dbtrino, you wrote:
we see a lot of ping traffic and have a lot of users who report of mails with attachements ~74KB which have not been send by the 'sender'.
The ping traffic might be caused by a worm name W32/Nachi by NAI. See http://vil.nai.com/vil/content/v_100559.htm . It does use the DCOM RPC hole and a flaw in IIS/5.0 as reported in http://www.securityfocus.com/bid/7735/info/ The mails match the report of W32/Sobig.f@MM, see http://vil.nai.com/vil/content/v_100561.htm Michael _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New Worm in the wild dbtrino2 (Aug 19)
- Re: New Worm in the wild Andreas Gietl (Aug 19)
- Re: New Worm in the wild Andy (Aug 19)
- Re: New Worm in the wild Michael Mueller (Aug 19)
- Re: New Worm in the wild martin f krafft (Aug 19)
- New Worm in the wild Geo. (Aug 19)
- Re: Re: New Worm in the wild CHeeKY (Aug 19)
- <Possible follow-ups>
- RE: New Worm in the wild Johnson, Mark (Aug 19)
- Re: New Worm in the wild r1an (Aug 19)
- RE: New Worm in the wild Rainer Gerhards (Aug 19)