|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Christopher Albert (albert_at_DMS.UMontreal.CA)
Date: Mon Sep 30 2002 - 15:45:39 CDT
Emeric Miszti wrote:
>On Monday 30 Sep 2002 9:33 am, Mark Forsyth wrote:
>
>>On Monday, September 30, 2002 9:02 AM, John Sage
>>[SMTP:jsage
finchhaven.com] wrote:
>>
>>>This has received some mention on the UNISOG list and elsewhere, but
>>>not here.
>>>
>>>Some people have been seeing unusually high volumes of UDP:137 probes
>>>since about 09/27/02 late, or early 09/28/02.
>>>
<snip>
>>>
>
>Been seeing exactly the same spike with same patterns. Up from 40 odd scans on
>28/9/2002 to 495 already today.
>
>Incidents.org have picked this up at the Internet Storm Center
>
>http://isc.incidents.org/port_details.html?port=137
>
>No explanations or reasons been given by anyone yet.
>
This might be W32/BubbearMM , which spreads by SMTP
and network shares:*
*
http://vil.nai.com/vil/content/v_99728.htm
http://www.sophos.com/virusinfo/analyses/w32bugbeara.html
Chris
--------------------------------------------------------------------
Christopher Albert
Responsable des services informatiques
Departement de mathematiques et de statistique
Universite de Montreal
bureau 6188, Pavillon Andre-Aisenstadt
Tel: (514) 343-2281 Fax: (514) 343-5700
--------------------------------------------------------------------
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]