lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
From: mueller at fidnet.com (RMueller)
Subject: Re: Outbreak of a virus on campus

 

>>>>>>>>>>>>>>>>>>>>>> 

>>>>>>>>>>>>>>>>>>>>>>>>>>.

Message: 8

From: "Willem Koenings" <isec@...ope.com>

To: full-disclosure@...ts.netsys.com

Date: Fri, 23 Apr 2004 10:38:23 -0500

Subject: [Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp
80/6129/1025/3127

 

 

> Sound familiar to anyone?

 

Today catched worm wmiprvsw.exe. This worm incorporates stealth capabilities
- it hides it's process in memory and also it's exe is not seen in directory
listing, when worm is active. Although it does not hide registry entries, it
shuts down regedit, when regedit is executed.  It creates two registry
entries 'System Updater Service' under Run and RunServices.

 

Then it starts scan following ports :

 

2745

135

1025

445

3127

6129

139

3140

 

Thats all for now - weekend :)

 

W.

--

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>..

>>>>>>>>>>>>>>>>>>>>>>>>>>> 

 

 

Oh great, leave me hanging till Monday.

 

 

thank you

Randall M

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040424/7058cf28/attachment.html

Powered by blists - more mailing lists