This is the w32.Nachi worm, the worm that is supposed to find machines infected with MS.blaster, remove blaster and patch the system. The big problem is that it causes a DoS condition looking for infected machines. It also infects machines that never had the blaster worm. It causes more harm than good. McAfee's latest dat file will remove it. It is much more infectious than MS.Blaster.

-----Original Message-----
From: Jeff Kell [mailto:jeff-kellat_private]
Sent: Tuesday, August 19, 2003 2:39 AM
To: dunhamkat_private
Cc: Dan Hanson; Ken Eichman; incidentsat_private
Subject: Re: Increasing ICMP Echo Requests

Ken Dunham wrote:
> It opens TCP port 707. Doesn't sound nice to me.

This is the bothersome part. If it keeps a shell bound to 707 then it is definitely malicious, despite the sugar coating.

Jeff

This archive was generated by hypermail 2b30 : Tue Aug 19 2003 - 20:36:29 PDT