Full Disclosure mailing list archives
Re: NT4 worm
From: David Taylor <ltr () isc upenn edu>
Date: Thu, 31 Aug 2006 07:31:12 -0400
The SANS Internet Storm Center is reporting a large increase in port 139 scans. Not much information on the spike yet. <http://isc.sans.org/diary.php?storyid=1654> On 8/30/06 10:08 AM, "Geo." <geoincidents () nls net> wrote:
Has anyone seen a writeup on this new NT4 worm that's spreading via port 139 MS06-040 yet? I'm seeing customers getting hit by it but I haven't seen any real mention of it anywhere yet. It appears to run two CMD.EXE hidden windows and sucks up all the cpu in the infected systems trying to spread. I've also seen one customer who found csrsc.exe on the machine after the worm hit them. I did manage to find out once it exploits a machine it uses ftp.exe to connect back to the infecting host and transfer something but I've not had time to really dig into this thing. Hoping someone else has already. Looks like it's spreading pretty quick http://isc.incidents.org/port_details.php?port=139&repax=1&tarax=2&srcax=2&p ercent=N&days=40 Geo. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
================================================== David Taylor //Sr. Information Security Specialist University of Pennsylvania Information Security Philadelphia PA USA (215) 898-1236 http://www.upenn.edu/computing/security/ ================================================== Penn Information Security RSS feed http://www.upenn.edu/computing/security/rss/rssfeed.xml Add link to your favorite RSS reader _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: [OT] Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment, (continued)
- Re: [OT] Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Martin Dipo Zimmermann (Aug 29)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Valdis . Kletnieks (Aug 29)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Paul Schmehl (Aug 29)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Dude VanWinkle (Aug 29)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment pauls (Aug 29)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Dude VanWinkle (Aug 29)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment rek2 GNU/Linux LO LO LO (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Paul Schmehl (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Thomas Pollet (Aug 30)
- NT4 worm Geo. (Aug 30)
- Re: NT4 worm David Taylor (Aug 31)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Paul Schmehl (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment cardoso (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Paul Schmehl (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment cardoso (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Paul Schmehl (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment teh kids (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Disco Jonny (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Marco Ermini (Aug 30)
- Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Denis Jedig (Aug 28)
- Re: Re: Re: Re: George Bush appoints a 9 year old to be the chairperson of the Information Security Deportment Jessica Hope (Aug 28)