Re: [Full-Disclosure] New variant of Nachi ?
- To: "Awan, Farrukh (OCTO)" <Farrukh.Awan@dc.gov>
- Subject: Re: [Full-Disclosure] New variant of Nachi ?
- From: KF <dotslash@snosoft.com>
- Date: Wed, 29 Oct 2003 06:54:10 -0500
Awan, Farrukh (OCTO) wrote:
Has anybody detected a new variant of the Nachi worm infecting
machines not patched with MS03-039? I couldn't find any details on its
propagation except once a host is infected, it attempts to propagate
via SMB over TCP (port 445). Any details on exploit code/payload...
Best Regards;
Farrukh Awan
(202) -727-8856 (Office)
https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp
Threat Forecast
Our analysts are aware of a worm actively exploiting flaws addressed
under Microsoft Security Bulletin MS03-026 and MS03-039. This worm
activity is consistent with a variation of the Nachi or LovSan worms.
Once a host is infected, it will attempt to propagate outbound via port 445.
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
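
Added example, not part of the original message or of the ISS forecast it quotes: a defender-side check for the outbound port 445 propagation described above, flagging internal hosts that contact many distinct destinations on TCP/445 in a short window. The flow-record format, the addresses, the 60-second window and the threshold of 10 are all assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port" (format is an assumption).
SAMPLE_FLOWS = "\n".join(
    [f"2003-10-29T06:50:{i:02d} 10.1.4.23 10.1.9.{i + 1} 445" for i in range(12)]
    + [f"2003-10-29T06:5{i}:00 10.1.4.50 10.1.2.10 445" for i in range(5)]
    + ["2003-10-29T06:50:05 10.1.4.50 192.0.2.80 80", "malformed line"]
)

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def smb_fanout(flows, port=445, window=timedelta(seconds=60), threshold=10):
    """Map each source to its peak count of distinct destinations on `port`
    inside any sliding window, keeping only sources at or above threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, peak, counts = 0, 0, defaultdict(int)
        for ts, dst in events:
            counts[dst] += 1
            while ts - events[start][0] > window:  # expire events older than the window
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(smb_fanout(parse_flows(SAMPLE_FLOWS)))
```

A workstation that talks to one file server repeatedly (10.1.4.50 in the sample) stays below the threshold, while the host sweeping a subnet on 445 is reported with its peak fan-out.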