RE: New virus outbreak.

From: Danny (Danny@drexel.edu)
Date: 03/10/03

  • Next message: Curt Wilson: "Bypassing Black Ice PC protection?" 
    From: Danny <Danny@drexel.edu>
To: "'Jesse W. Asher'" <jasher1@tampabay.rr.com>
Date: Mon, 10 Mar 2003 10:47:18 -0500

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Jesse, it appears as though we where hit by this self propogating version of multidropper-fl.
     
    http://vil.nai.com/vil/content/v_100124.htm

    " -- Update March 7, 2003 --
    AVERT has received a new variant of this MultiDropper that tries to access other systems through Microsoft Networking, using the IPC$ share. AVERT has been not seen this work in our testing at this time. This new variant does not create the registry entry referenced below. "

    Cheers
    Danny
    Network Security Engineer
    Drexel University
    PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
    PGP Key: http://akasha.irt.drexel.edu/danny.asc
     

    |->-----Original Message-----
    |->From: Jesse W. Asher [mailto:jasher1@tampabay.rr.com]
    |->Sent: Sunday, March 09, 2003 8:06 AM
    |->To: Danny
    |->Cc: 'intrusions@incidents.org'; 'incidents@securityfocus.com'
    |->Subject: Re: New virus outbreak.
    |->
    |->
    |->Is there any more information on this? Anyone else seen anything related
    |->to this? How many people have checked their networks over the weekend??
    |->

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0

    iQA/AwUBPmy0Vmb1zPz07fHgEQJLQgCgmH80d6w6kbTw+8WydcO973yuQpoAnA8k
    LekbDyooH7dUshMA2o356guU
    =gBWd
    -----END PGP SIGNATURE-----

    ----------------------------------------------------------------------------

    <Pre>Lose another weekend managing your IDS?
    Take back your personal time.
    15-day free trial of StillSecure Border Guard.</Pre>
    <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>

  • Next message: Curt Wilson: "Bypassing Black Ice PC protection?"