Full Disclosure mailing list archives
Re: New variant of Nachi ?
From: KF <dotslash () snosoft com>
Date: Wed, 29 Oct 2003 06:54:10 -0500
Awan, Farrukh (OCTO) wrote:
Has any body detected a new variant of the Nachi worm infecting machines not patched with MS03-039. I couldn't find any details on it propagation except once a host is infected, it attempts to propagate via SMB over TCP (port 445). Any details on exploit code /payload...Best Regards; Farrukh Awan(202) -727-8856 (Office)**
https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp hreat ForecastOur analysts are aware of a worm actively exploiting flaws addressed under Microsoft Security Bulletin MS03-026 and MS03-039. This worm activity is consistent with a variation of the Nachi or LovSan worms. Once a host is infected, it will attempt to propagate outbound via port 445.
-KF _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New variant of Nachi ? Awan, Farrukh (OCTO) (Oct 28)
- Re: New variant of Nachi ? KF (Oct 28)
- Re: New variant of Nachi ? Helmut Springer (Oct 29)
- Re: New variant of Nachi ? Florian Weimer (Oct 29)
- Re: New variant of Nachi ? Helmut Springer (Oct 29)
- <Possible follow-ups>
- RE: New variant of Nachi ? Discini, Sonny (Oct 29)
- Re: New variant of Nachi ? Valdis . Kletnieks (Oct 29)
- Re: New variant of Nachi ? KF (Oct 28)