Re: Increase in Source to Port 445

From: aladin168 (aladin168@hotmail.com)
Date: 04/03/03

  • Next message: Benjamin Tomhave: "RECAP: possible rootkit, maybe partial?"
    Date: 3 Apr 2003 19:45:07 -0000
    From: aladin168 <aladin168@hotmail.com>
    To: incidents@securityfocus.com
    
    
    In-Reply-To: <F7B823B2B5C9544CACAB8B59DD6872B30114B47F@email.macdirect.com>

    Although there are many Deloder worms causing port 445 traffic, the new
    worm, W32.HLLW.Cult.C@mm, may be the real cause of this. Symantec has an
    analysis from 4/2/2003:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.c@mm.html

    /Kyle
    Kyle Lai, CISSP, CISA
    KLC Consulting, Inc.
    klai@klcconsulting.net
    www.klcconsulting.net

    >From: Rob Keown <Keown@MACDIRECT.COM>
    >To: incidents@securityfocus.com
    >Subject: Increase in Source to Port 445
    >Date: Tue, 1 Apr 2003 21:54:58 -0500
    >MIME-Version: 1.0

    >We are observing an increase in port 445 traffic from a much wider group of
    >sources than what we have seen over the last few weeks.
    >
    >Anyone else observing this?
    >
    >Rob Keown
    >
