John Sage <jsageat_private> wrote:

> This has received some mention on the UNISOG list and elsewhere, but
> not here.
>
> Some people have been seeing unusually high volumes of UDP:137
> probes since about 09/27/02 late, or early 09/28/02.

<<snip>>

There is a new network crawler that spreads via SMB, using its own
code rather than depending on MPR.DLL. I hesitate to name it for, as
so often happens, various AV developers have rushed out detection
without talking to each other and come up with several different
names. A debate to settle the official name is ongoing as I write,
but check your favourite AV vendor's news or "encyclopedia" pages for
the newest entries.

Ohhh -- and this is _not_ Win32/BugBear.A@mm which was also new this
morning and seems to have found some legs...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 18:58:21 PDT