Iraq Oil worm
From: Stephen Friedl (steve@unixwiz.net)
Date: 12/17/02
- Previous message: James-lists: "fswserv.html ????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 Dec 2002 16:04:57 -0800 From: Stephen Friedl <steve@unixwiz.net> To: incidents@securityfocus.com
Hello list,
Lawrence Baldwin's myNetWatchman service has detected a new worm
spreading around, "Iraq Oil", that infects Windows servers over
445/tcp. Advisory here:
http://www.mynetwatchman.com/kb/security/articles/iraqiworm/index.htm
Detailed reverse engineering found at
http://www.unixwiz.net/iraqworm/ (work still in progress)
Steve
---
Stephen J Friedl | Software Consultant | Tustin, CA | +1 714 544-6561
www.unixwiz.net | I speak for me only | KA8CMY | steve@unixwiz.net
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Next message: Scott A.McIntyre: "Worm on 445/tcp?"
- Previous message: James-lists: "fswserv.html ????"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
