| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BE95468933894D4D966D724C295E15A202370E45@mcg-ex05.mcgov.org>
From: Sonny.Discini at montgomerycountymd.gov (Discini, Sonny)
Subject: New variant of Nachi ?
On the hosts that are infected, are you seeing TCP port 707 open? This
is one of the consistant things that we are seeing. I guess it wouldn't
hurt to mention that most of the triggers here are identifying this as
W32.Welchia while others are identifying it as Nachia.
Sonny Discini
Network Security Engineer
Department of Technical Services
Enterprise Infrastructure Division
Montgomery County Government
-----Original Message-----
From: Helmut Springer [mailto:delta@...eve.uni-stuttgart.de]
Sent: Wednesday, October 29, 2003 2:59 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] New variant of Nachi ?
Hi,
On 29 Oct 2003 at 12:54 +0100, KF wrote:
> https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp
>
> hreat Forecast
>
> Our analysts are aware of a worm actively exploiting flaws addressed
> under Microsoft Security Bulletin MS03-026 and MS03-039. This worm
> activity is consistent with a variation of the Nachi or LovSan worms.
> Once a host is infected, it will attempt to propagate outbound via
> port 445.
Has anyone seen any evidence besides this and the two postings on public
lists? No real trace after more than 24h it seems...
--
MfG/Best Regards, "If we keep our pride...
helmut springer Though paradise is lost
We will pay the price,
But we will not count the cost."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists