-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jesse, it appears as though we where hit by this self propogating version of multidropper-fl. http://vil.nai.com/vil/content/v_100124.htm " -- Update March 7, 2003 -- AVERT has received a new variant of this MultiDropper that tries to access other systems through Microsoft Networking, using the IPC$ share. AVERT has been not seen this work in our testing at this time. This new variant does not create the registry entry referenced below. " Cheers Danny Network Security Engineer Drexel University PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0 PGP Key: http://akasha.irt.drexel.edu/danny.asc |->-----Original Message----- |->From: Jesse W. Asher [mailto:jasher1at_private] |->Sent: Sunday, March 09, 2003 8:06 AM |->To: Danny |->Cc: 'intrusionsat_private'; 'incidentsat_private' |->Subject: Re: New virus outbreak. |-> |-> |->Is there any more information on this? Anyone else seen anything related |->to this? How many people have checked their networks over the weekend?? |-> -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPmy0Vmb1zPz07fHgEQJLQgCgmH80d6w6kbTw+8WydcO973yuQpoAnA8k LekbDyooH7dUshMA2o356guU =gBWd -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Mon Mar 10 2003 - 09:40:05 PST