The Internet Storm Center also notes two
items...
That a new-ish botnet has been found:
Previously, that there is elevated port scanning for
139/TCP:
In that second link, they note two malwares that are
attacking the "Server" service that Microsoft patched most recently in August
with MS06-040:
Andrew 8)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Thursday, August 31, 2006 8:59 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] new virus?My logs tell me that we received more than the usual number of viruses yesterday. These were split into two groups, a version of Bagle that was released back in June, and a new worm which Trend Micro calls WORM_STRATION.BDIn the samples I looked at, the messages were fake bounces with an executable attachment which had a.dat.pif extension.Here's the writeup on that:Andrew 8)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karen Mitchell
Sent: Wednesday, August 30, 2006 2:01 PM
To: declude.virus@declude.com
Subject: [Declude.Virus] new virus?I am seeing lots of .com attachments blocked with Declude. Random two word subject from many different ip addresses. Is anyone else seeing them?Karen M. Mitchell
Senior NewMedia Systems Administrator
AccuWeather, Inc.
385 Science Park Road
State College, PA 16803
814-235-8698
"Get the best weather on the web" - http://www.accuweather.com
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
