Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Port 137 probes

From: Bubsy <pizzapowered () yahoo com>
Date: 1 Oct 2002 06:11:42 -0000


After I saw that you guys were getting more port 137's than usual, I 
looked at my logs. I found that I was also getting far more port 137's 
than usual :) so I took a break from what I was doing to see what was up. 
The remote port was almost always 1025, and the suspect only sent one 
attempt each time. I did the 10 second look on a suspect machine with an 
open share and found scrsvr.exe , which I believe to be the culprit, it 
seems so cut and dried that I'm not even gonna sandbox it. Read more here -
 
http://vil.mcafee.com/dispVirus.asp?virus_k=99729

Well, there ya go, comes to life ~the 28th, bang boom zoom.

All good things to all good people!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: