Security Incidents mailing list archives
Port 137 probes
From: Bubsy <pizzapowered () yahoo com>
Date: 1 Oct 2002 06:11:42 -0000
After I saw that you guys were getting more port 137's than usual, I looked at my logs. I found that I was also getting far more port 137's than usual :) so I took a break from what I was doing to see what was up. The remote port was almost always 1025, and the suspect only sent one attempt each time. I did the 10 second look on a suspect machine with an open share and found scrsvr.exe , which I believe to be the culprit, it seems so cut and dried that I'm not even gonna sandbox it. Read more here - http://vil.mcafee.com/dispVirus.asp?virus_k=99729 Well, there ya go, comes to life ~the 28th, bang boom zoom. All good things to all good people! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Port 137 probes Bubsy (Oct 01)