Re: Increase in Source to Port 445
From: aladin168 (aladin168@hotmail.com)
Date: 04/03/03
- Previous message: Joshua Wright: "RE: UDP traffic to net and broadcast addresses"
- Maybe in reply to: Rob Keown: "Increase in Source to Port 445"
Date: 3 Apr 2003 19:45:07 -0000
From: aladin168 <aladin168@hotmail.com>
To: incidents@securityfocus.com
In-Reply-To: <F7B823B2B5C9544CACAB8B59DD6872B30114B47F@email.macdirect.com>

Although there are many Deloder worms causing port 445 traffic, the new
worm, W32.HLLW.Cult.C@mm, may be the real cause of this. Symantec has an
analysis from 4/2/2003:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.c@mm.html
/Kyle
Kyle Lai, CISSP, CISA
KLC Consulting, Inc.
klai@klcconsulting.net
www.klcconsulting.net
>From: Rob Keown <Keown@MACDIRECT.COM>
>To: incidents@securityfocus.com
>Subject: Increase in Source to Port 445
>Date: Tue, 1 Apr 2003 21:54:58 -0500
>MIME-Version: 1.0
>We are observing an increase in port 445 traffic from a much wider group of
>sources than what we have seen over the last few weeks.
>
>Anyone else observing this?
>
>Rob Keown
>