Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?
From: Willem Koenings (infsec_at_gmail.com)
Date: 08/30/05
- Previous message: Morning Wood: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- In reply to: Vic Vandal: "[Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Next in thread: Peter Ferrie: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 30 Aug 2005 17:27:40 +0300 To: full-disclosure@lists.grok.org.uk
Hi!
On 8/30/05, Vic Vandal <vvandal@well.com> wrote:
> This has been going around since early Monday afternoon. Symantec
> and other AV vendors have had code since then, and no details STILL.
>
> I guess one can call it the Katrina worm until something better comes along.
Haven't seen the one you mentioning (care to share?), however
the usual stuff like ssl.exe, mousebm.exe, runs.pif, ried.pif,
wintbp.exe etc are still quite active as i found a lot of them in my
honeypot so the attack vector is still high.
W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Morning Wood: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- In reply to: Vic Vandal: "[Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Next in thread: Peter Ferrie: "Re: [Full-disclosure] No one else seeing the new MS05-039 worm yet?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
