RE: [Firewalls] Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?
From: Bill Lavalette (billl@cyberbase7.com)Date: 10/04/02
- Next message: yuck: "Zone Alarm Newbie Question"
- Previous message: CAS: "ZoneAlarm Plus & DHCP Server"
- In reply to: m: "Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?"
- Next in thread: : "Re: [Firewalls] Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?"
- Reply: : "Re: [Firewalls] Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bill Lavalette" <billl@cyberbase7.com> Date: Thu, 03 Oct 2002 23:44:48 GMT
Hello --
You are being scanned by a internet worm called Open Share Worm ... What
this does is search the internet for open Microsoft windows shares. it then
infects the machine and uses it to start scanning for other vulnerable
machines... here is more information on it...
Here's more info about that open share worm:
SCRSVR.EXE, identified as ("older" identifications included) ...
CA Vet RESCUE : Win32.Opaserv.A (trojan)
Dialogue Science DrWebWCL : Win32.HLLW.Opasoft
ESET NOD32DOS : Win32/Opaserv.A
GeCAD RAVAV : Win32/Opaserv.A.worm
Ikarus PSCAN : Worm.Psp.Opasoft.A
Kaspersky Lab KAVDOS32 : Backdoor.Opasoft ->
Worm.Win32.Opasoft.a
McAfee SCANPM : BackDoor-ALB -> W32/Scrup.worm ->
W95/Scrup.worm
Norman NVC : W32/Opaserv.A
Panda Antivirus PAVCL : Bck/Opasoft -> W32/Opaserv
SOFTWIN BDDOSC : Trojan.Omageneer.A ->
Win32.Worm.Opaserv.A
Sophos SWEEP : W32/Opaserv-A
Symantec NAV CE VSCAND : W32.Opaserv.Worm
Trend Micro VSCAN32 : BKDR_OPASOFT.A -> WORM_OPASOFT.A
it might be wise to configure your firewalls to block NBT to your servers
and workstations some people leave this open as it makes remote access to
windows networks much easier. As you can see this would be bad.
http://www.cyberbase7.com shows this as a threat level 1 for those networks
with this open.. if your not sure if your vulnerable you can do a free host
scan from that web site... accessible by registered users only (registration
is free )
Hope this helps Answer your Question Mike...
Regards,
Bill
-----Original Message-----
From: firewalls-admin@section5.cyberbase7.com
[mailto:firewalls-admin@section5.cyberbase7.com]On Behalf Of m
Sent: Thursday, October 03, 2002 4:02 PM
To: firewalls@section5.cyberbase7.com
Subject: [Firewalls] Re: Sudden torrent of ZoneAlarm alerts re: UDP port
137 - Any ideas?
Come on someone clever out there, find out what is happening PLEASE!
I've had another 15 in the last hour
Mike
geye34@adelphia.com wrote:
> On Thu, 03 Oct 2002 17:43:33 GMT, "mhicaoidh"
> <mhic_aoidh@hotmail.NïX.com.SPäM> wrote:
>
> >Taking a moment's reflection, Kate Brown mused:
> >|
> >| I'm not getting anything (ADSL, W98, ZA not Pro). Am I doing something
> >| wrong?
> >
> > Probably not. I haven't seen anything on my 137 port coming in
either.
> I've had close to 600 port 137 alerts in the past 6 days !!!
_______________________________________________
Firewalls mailing list
Firewalls@section5.cyberbase7.com
http://section5.cyberbase7.com/mailman/listinfo/firewalls
- Next message: yuck: "Zone Alarm Newbie Question"
- Previous message: CAS: "ZoneAlarm Plus & DHCP Server"
- In reply to: m: "Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?"
- Next in thread: : "Re: [Firewalls] Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?"
- Reply: : "Re: [Firewalls] Re: Sudden torrent of ZoneAlarm alerts re: UDP port 137 - Any ideas?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
