12 Oct 2005 22:43
(fwd) [unisog] possible worm heads up ...
Yann Berthier <yb <at> bashibuzuk.net>
2005-10-12 20:43:31 GMT
Just in case, it may be a good time to check for increases in MS
traffic ...
- yann
----- Forwarded message from Peter Van Epp <vanepp <at> sfu.ca> -----
From: Peter Van Epp <vanepp <at> sfu.ca>
Subject: [unisog] possible worm heads up ...
To: unisog <at> lists.sans.org
Date: Wed, 12 Oct 2005 13:23:30 -0700
I just whacked around 40 machines that suddenly started scanning on
135 and 445 (luckily blocked to off campus). I'm guessing a new worm from
the Microsoft updates a day or two ago although I have no information other
than they are scanning on 135 and 445 with 445 predominating at the moment ...
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
----- End forwarded message -----
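
One way to check flow data for the behaviour reported above (internal hosts suddenly contacting many distinct destinations on TCP 135 and 445), as an added example that is not part of the original thread. The flow record format, the addresses, the threshold and the window size are assumptions made for illustration.

```python
from collections import defaultdict

WATCH_PORTS = {135, 445}   # the two ports named in the report
MIN_DSTS = 5               # assumed threshold; tune to the local baseline
WINDOW = 300               # assumed bucket size in seconds


def build_sample():
    """Constructed flow records, 'epoch src dst dport', documentation addresses."""
    rows = [f"1129148600 192.0.2.10 198.51.100.{i} 445" for i in range(1, 9)]
    rows += [f"1129148601 192.0.2.10 198.51.100.{i} 135" for i in range(1, 4)]
    rows += ["1129148602 192.0.2.20 192.0.2.5 445"] * 20      # file-server client
    rows += [f"1129148603 192.0.2.30 203.0.113.{i} 80" for i in range(1, 12)]
    rows.append("garbage line")                                # malformed record
    return rows


def find_scanners(lines, window=WINDOW, min_dsts=MIN_DSTS):
    """Return {src: {port: distinct_dst_count}} for sources that reach
    min_dsts distinct destinations on WATCH_PORTS inside one time window."""
    seen = defaultdict(lambda: defaultdict(set))   # (src, bucket) -> port -> dsts
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue                               # skip malformed records
        ts, src, dst, port = int(parts[0]), parts[1], parts[2], int(parts[3])
        if port in WATCH_PORTS:
            seen[(src, ts // window)][port].add(dst)
    hits = {}
    for (src, _bucket), per_port in seen.items():
        if len(set().union(*per_port.values())) < min_dsts:
            continue                               # many flows to few hosts is normal
        counts = {p: len(d) for p, d in per_port.items()}
        # Keep the busiest window per source.
        if src not in hits or sum(counts.values()) > sum(hits[src].values()):
            hits[src] = counts
    return hits


if __name__ == "__main__":
    for src, counts in find_scanners(build_sample()).items():
        top = max(counts, key=counts.get)
        print(f"{src}: {counts} (port {top} predominating)")
```

Counting distinct destinations rather than raw flows keeps a busy client of a single file server from being flagged.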