lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3F9FAA62.8040301@snosoft.com>
From: dotslash at snosoft.com (KF)
Subject: New variant of Nachi ?

Awan, Farrukh (OCTO) wrote:

> Has any body detected a new variant of the Nachi worm infecting 
> machines not patched with MS03-039. I couldn't find any details on it 
> propagation except once a host is infected, it attempts to propagate 
> via SMB over TCP (port 445). Any details on exploit code /payload...
>
>  
> Best Regards;
>  
> Farrukh Awan
>
> (202) -727-8856 (Office)
>
>  
>
> ** 
>
>  

https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp

hreat Forecast

Our analysts are aware of a worm actively exploiting flaws addressed 
under Microsoft Security Bulletin MS03-026 and MS03-039. This worm 
activity is consistent with a variation of the Nachi or LovSan worms. 
Once a host is infected, it will attempt to propagate outbound via port 445.

-KF

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ