Emeric Miszti wrote: >On Monday 30 Sep 2002 9:33 am, Mark Forsyth wrote: > >>On Monday, September 30, 2002 9:02 AM, John Sage >>[SMTP:jsageat_private] wrote: >> >>>This has received some mention on the UNISOG list and elsewhere, but >>>not here. >>> >>>Some people have been seeing unusually high volumes of UDP:137 probes >>>since about 09/27/02 late, or early 09/28/02. >>> <snip> >>> > >Been seeing exactly the same spike with same patterns. Up from 40 odd scans on >28/9/2002 to 495 already today. > >Incidents.org have picked this up at the Internet Storm Center > >http://isc.incidents.org/port_details.html?port=137 > >No explanations or reasons been given by anyone yet. > This might be W32/Bubbear@MM , which spreads by SMTP and network shares:* * http://vil.nai.com/vil/content/v_99728.htm http://www.sophos.com/virusinfo/analyses/w32bugbeara.html Chris -------------------------------------------------------------------- Christopher Albert Responsable des services informatiques Departement de mathematiques et de statistique Universite de Montreal bureau 6188, Pavillon Andre-Aisenstadt Tel: (514) 343-2281 Fax: (514) 343-5700 -------------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 18:55:30 PDT