Thanks Raj! I'll post to CRIME in any event.

Geo

-----Original Message-----
From: RAMAKRISHNAN Ranjit * DAS IRMD [mailto:Ranjit.Ramakrishnan@private]
Sent: Monday, August 11, 2003 2:53 PM
To: George Heuston
Subject: FW: NASCIO - Security - AlertCon 3 for ISS and the IT-ISAC

May already be aware of this ISS alert.

Ranjit Ramakrishnan, CISSP
State CISO
Information Resources Management Division
ranjit.ramakrishnan@private
Ph: (503) 378 4127
Fx: (503) 378 3795

-----Original Message-----
From: Allor, Peter (ISS Atlanta) [mailto:PAllor@private]
Sent: Monday, August 11, 2003 2:22 PM
To: security@private
Subject: NASCIO - Security - AlertCon 3 for ISS and the IT-ISAC

ATTN: NASCIO Security listserv members

-----------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We have raised the AlertCon to 3.

The worm known as "MS BLAST", which is consistent with characteristics of an RPC DCOM worm, is actively propagating across the Internet. Our analysts have observed an average of 100 hits per second. Furthermore, Microsoft is currently under a DDoS (Distributed Denial of Service attack).

This specimen scans in a sequential fashion for machines with open port 135, uses multiple TFTP servers to pull the binary and adds a registry key to initiate itself upon reboot. Our analysts are observing increased scanning efforts on port 135 at this time.

For further details, please review the X-Force Alert <http://xforce.iss.net/xforce/alerts/id/147>

Regards,
Peter

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBPzgI/P1TrpsA3RjTEQI/5ACgjf5mI9xEoxAVwzzWmZqvep0JZL0An2UT
GptmCOpouKhu9akJ1iAceuxO
=8MH1
-----END PGP SIGNATURE-----

-----------

1) To manage any aspect of your list membership, please visit http://listserv.transdig.com:81/guest/RemoteListSummary/nasciosecurity

2) To request an up-to-date roster of listserv subscribers send a new message to "security-request@private" with the word "who" in the body of the message.
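Added example, not part of the original thread or of the ISS alert: a small detector for the behaviour the alert describes, a single source probing port 135 on consecutive addresses. The flow-record layout, the thresholds and all sample addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: (epoch seconds, source, destination, dest TCP port)
SAMPLE_FLOWS = (
    # One source walking consecutive addresses on TCP/135 (the pattern in the alert)
    [(1000 + i, "192.0.2.10", f"198.51.100.{i + 1}", 135) for i in range(6)]
    # Same walk on a different port: ignored when looking at port 135
    + [(1000 + i, "192.0.2.30", f"198.51.100.{i + 1}", 80) for i in range(6)]
    # Scattered port-135 connections, one of them far outside the time window
    + [
        (1000, "192.0.2.20", "198.51.100.50", 135),
        (1010, "192.0.2.20", "198.51.100.90", 135),
        (2000, "192.0.2.20", "198.51.100.51", 135),
    ]
)

def longest_consecutive_run(dests):
    """Length of the longest run of numerically adjacent addresses in dests."""
    addrs = sorted({int(ipaddress.ip_address(d)) for d in dests})
    if not addrs:
        return 0
    best = run = 1
    for prev, cur in zip(addrs, addrs[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_sequential_scanners(flows, port=135, window=60, min_run=5):
    """Map each source to its longest run of adjacent destinations contacted
    on `port` within any `window` seconds, keeping runs of at least `min_run`."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            in_window = [d for t, d in events[i:] if t - start < window]
            best = max(best, longest_consecutive_run(in_window))
        if best >= min_run:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, run in find_sequential_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {run} consecutive hosts probed on TCP/135")
```

The check counts adjacent addresses seen inside the window regardless of the order in which they were probed; tune `window` and `min_run` to the traffic volume of the sensor.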
This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 18:02:53 PDT