Re: W32.Badtrans.B@mm storming my mailservers...

From: Ryan Tucker (rtucker@netacc.net)
Date: 11/26/01


Date: Mon, 26 Nov 2001 14:55:45 -0500
Subject: Re: W32.Badtrans.B@mm storming my mailservers...
To: "Raistlin" <raistlin@gioco.net>
From: Ryan Tucker <rtucker@netacc.net>
Message-Id: <94438BA8-E2A7-11D5-876E-000393062A52@netacc.net>

We're seeing a lot of it...

Our possible-email-attack alarms have looked like this over the last
week...

2001-11-20 4
2001-11-21 7
2001-11-22 4
2001-11-23 2
2001-11-24 1
2001-11-25 5
2001-11-26 11 (up to 14:30 EST)

We started noticing this worm at 16:44 EST yesterday (11/25)...

Fortunately, html-trap.procmail seems to work well for catching
this. :-) -rt

On Monday, November 26, 2001, at 02:30, Raistlin wrote:

> I have personally received about 8 copies of this worm today, and my
> mailserver is busy with incoming and outgoing requests of the same
> kind.
>
> Is this a trend out there or is it just my problem?
>
> Stefano "Raistlin" Zanero
> System Administrator Gioco.Net
> public PGP key block at http://gioco.net/pgpkeys
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
>

--
Ryan Tucker <rtucker@netacc.net>
Network Operations Manager, NetAccess, Inc.
http://www.netacc.net/  (585)419-8252
