Port 137 probes
From: Bubsy (pizzapowered@yahoo.com)Date: 10/01/02
- Previous message: Richard.Grant@mail.state.ky.us: "RE: Unusual volume: UDP:137 probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 1 Oct 2002 06:11:42 -0000 From: Bubsy <pizzapowered@yahoo.com> To: incidents@securityfocus.com('binary' encoding is not supported, stored as-is)
After I saw that you guys were getting more port 137's than usual, I
looked at my logs. I found that I was also getting far more port 137's
than usual :) so I took a break from what I was doing to see what was up.
The remote port was almost always 1025, and the suspect only sent one
attempt each time. I did the 10 second look on a suspect machine with an
open share and found scrsvr.exe , which I believe to be the culprit, it
seems so cut and dried that I'm not even gonna sandbox it. Read more here -
http://vil.mcafee.com/dispVirus.asp?virus_k=99729
Well, there ya go, comes to life ~the 28th, bang boom zoom.
All good things to all good people!
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Richard.Grant@mail.state.ky.us: "RE: Unusual volume: UDP:137 probes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
