Iraq Oil worm

From: Stephen Friedl (steveat_private)
Date: Mon Dec 16 2002 - 16:04:57 PST

Next message: David Gillett: "New CIFS (port 445) worm?"

Previous message: OBrien, Brennan: "RE: Worm on 445/tcp?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello list,

Lawrence Baldwin's myNetWatchman service has detected a new worm
spreading around, "Iraq Oil", that infects Windows servers over
445/tcp. Advisory here:

http://www.mynetwatchman.com/kb/security/articles/iraqiworm/index.htm

Detailed reverse engineering found at

	http://www.unixwiz.net/iraqworm/ (work still in progress)

Steve

--- 
Stephen J Friedl | Software Consultant | Tustin, CA |   +1 714 544-6561
www.unixwiz.net  | I speak for me only |   KA8CMY   | steveat_private

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: David Gillett: "New CIFS (port 445) worm?"
Previous message: OBrien, Brennan: "RE: Worm on 445/tcp?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 12:27:54 PST