|
This has all come up in the past 15 minutes. Thought
everyone should know about it and be on guard. There appears to be a new
variant of the ago/gao/polybot worm and we definitely have something going on
around here. As we're a university, that means its probably going on
outside our border(s) as well.
Heads Up,
Steve in Memphis
|
--- Begin Message --- The following computers have been attempting to brute force passwords on some of our windows servers(none have been compromised)...if the appropriate LSP's could check for viruses and/or disconnect I would appreciate it.
BA450D01 - 141.225.101.59 URRANJHA-14 - 141.225.204.142 LS501-SGOODWIN - 141.225.109.232 WD205PC4 - 141.225.129.229
Thanks, Roy ISST
--- End Message ---
--- Begin Message --- We may be seeing a new worm spreading via email. I have gotten 5 or 6 messages with a message line similar to the following "Delivery failure notice (ID-00001701)" Most have been sent to easily obtainable and often used university email addresses such as Helpdek, ALC, profweb and others. There is usually a file attached that looks like a url but is an executable file. The file is usually named something like www.memphis.edu(somedepartment)...1234.com. I have not seen anything on symantec's site yet but will keep looking. I have a copy of the bug isolated on a Mac and am going to give a copy to Liliana to dissect.
Allen Elliotte
Technical Systems Consultant
Client Support Services
University of Memphis
--- End Message ---
--- Begin Message ---
Virus update
A new variant of and old worm is circulating. The virus definitions older than 4/17/04 will not detect this worm. Please do definitions update by clicking "live update" from within your anti virus program (assuming everyone has some version of Norton Anti Virus installed)
The latest definitions will catch this worm if it resides on your system. Symptoms include generally slow response to mouse of keyboard commands.
The worm variant is named: w32.hllw.gaobot.Gen
NAV will quarantine it from the system if the definitions are updated. Let us know if any of this is unclear. Please log a call at http://helpdesk.memphis.edu/cob/submit.html if you have any trouble.
regards,
Ramsan
--- End Message ---
