[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] spoolcll.exe - new worm being distributed via mysql vulnerability?
- To: Mike Bailey <worried@xxxxxxxxx>
- Subject: Re: [Full-Disclosure] spoolcll.exe - new worm being distributed via mysql vulnerability?
- From: Jeremy Davis <jdaytona@xxxxxxxxx>
- Date: Thu, 27 Jan 2005 12:23:20 -0500
Check out todays diary at SANS.
http://isc.sans.org/
On Thu, 27 Jan 2005 00:18:21 -0500, Mike Bailey <worried@xxxxxxxxx> wrote:
> Aloha,
>
> Earlier tonight, i was sitting here at home doing some normal
> browsing, and work and my firewall alerted me that a program called
> spoolcll.exe was attempting to open up a port which i cannot remember
> now.
>
> i tried killing it, but it just came back, over and over again each
> time spawning itselfs on a new port.
>
> Registry says the worm created a service called "evmon", it cannot be
> paused or stopped, but it can be disabled.
>
> The only information about this worm on google is a discussion at the
> following url: http://forums.whirlpool.net.au/forum-replies.cfm?t=291921&p=1
> they are beginning to determinthat it is being distributed via a hole
> in mysql.
>
> Do any of you know anything about this? Thanks in advance.
>
> --
> Love,
> Mike Bailey
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html