[Full-Disclosure] spoolcll.exe - new worm being distributed via mysql vulnerability?
From: Mike Bailey (worried_at_gmail.com)
Date: 01/27/05
- Previous message: KF (Lists): "[Full-Disclosure] DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'"
- Next in thread: Jeremy Davis: "Re: [Full-Disclosure] spoolcll.exe - new worm being distributed via mysql vulnerability?"
- Reply: Jeremy Davis: "Re: [Full-Disclosure] spoolcll.exe - new worm being distributed via mysql vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jan 2005 00:18:21 -0500 To: full-disclosure@lists.netsys.com
Aloha,
Earlier tonight, i was sitting here at home doing some normal
browsing, and work and my firewall alerted me that a program called
spoolcll.exe was attempting to open up a port which i cannot remember
now.
i tried killing it, but it just came back, over and over again each
time spawning itselfs on a new port.
Registry says the worm created a service called "evmon", it cannot be
paused or stopped, but it can be disabled.
The only information about this worm on google is a discussion at the
following url: http://forums.whirlpool.net.au/forum-replies.cfm?t=291921&p=1
they are beginning to determinthat it is being distributed via a hole
in mysql.
Do any of you know anything about this? Thanks in advance.
-- Love, Mike Bailey _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: KF (Lists): "[Full-Disclosure] DMA[2005-0127a] - 'Apple OSX batch family poor use of setuid'"
- Next in thread: Jeremy Davis: "Re: [Full-Disclosure] spoolcll.exe - new worm being distributed via mysql vulnerability?"
- Reply: Jeremy Davis: "Re: [Full-Disclosure] spoolcll.exe - new worm being distributed via mysql vulnerability?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
