[Full-Disclosure] IRC / Fyle the "Script Kiddy"

2003-08-10 Thread Export
just got spammed by some bot in irc, followed the link back down, figured somebody here might be interested in it the address is: (and DO NOT use IE to browse any further than the root of the server, the root might even be infected with some such nasty, i dunno); http://12.230.121.121/ so

[Full-Disclosure] Administrivia: Archives Rebuilt - Bad JuJu

2003-08-10 Thread Len Rose
Well, I've gone and done it again. Roughly 11 hours ago we had a problem with a message index getting corrupted so I regenerated the archives using mailman's "arch" utility after fixing the damaged message. While that seemed to clear up the problem it also managed to change every url within the

Re: [Full-Disclosure] Cox is blocking port 135 - off topic

2003-08-10 Thread Joey
cox does block port 445 also, but i haven't seen any exploits that use that port. even though it's said that port 445 is vulnerable, where is the POC? --- Kurt Seifried <[EMAIL PROTECTED]> wrote: > Off topic: > > This won't help much at all. Windows 2000/XP run > Microsoft SMB over TCP on > 445 as

Re: [Full-Disclosure] Cox is blocking port 135 - off topic

2003-08-10 Thread Nick FitzGerald
[EMAIL PROTECTED] wrote: > cox does block port 445 also, but i haven't seen any > exploits that use that port. even though it's said that > port 445 is vulnerable, where is the POC? Well, regardless of whether there are any DCOM RPC exploits or worms based thereon using 445 or not, there certainly

[Full-Disclosure] Cox is blocking port 135 - off topic

2003-08-10 Thread Kurt Seifried
Off topic: This won't help much at all. Windows 2000/XP run Microsoft SMB over TCP on 445 as well (reduced overhead than 135/etc, no NetBIOS layer). When a client tries to connect to a remote host for file/print sharing/etc it connects on both ports 135 and 445, if a response is received from port

RE: +++++SPAM+++++ [Full-Disclosure] TCP ports 1025-1030 and DCOM exploit; false positive

2003-08-10 Thread Edward W. Ray
Do not know where this came from Regards, Edward W. Ray SANS GCIA, GCIH -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edward W. Ray Sent: Sunday, August 10, 2003 10:28 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: +SPA

Re: [Full-Disclosure] Vulnerability Disclosure Debate

2003-08-10 Thread Matthew Murphy
"Jason Coombs" writes: > > Had the distribution binaries been modified, ISS may well > > have been bankrupted by customer lawsuits for negligence. > > Perhaps you could cite a legal case somewhere in the world that backs up this > assertion. To my knowledge nobody has ever lost a penny in court due

[Full-Disclosure] Re: DCOM Worm/scanner/autorooter !!!

2003-08-10 Thread Stephen
i confirm what joey said, the actual version does not replicate itself, but it's very very easy for a malicious lamer to add options and commands to make a harder worm. indeed, the new version of the irc "worm" uses the universal offsets (http://www.k-otik.com/exploits/08.07.oc192-dcom.c.php) which m

[Full-Disclosure] Re: Secure.dcom.exe

2003-08-10 Thread opticfiber
I did a search for Optix Pro and turned out a site that develops the software. From what I can tell it's very similar to software based trojans like bo2k, netbus, etc. A detailed explanation of the trojan can be found at this url http://www.esecurityplanet.com/alerts/article.php/2197521 . The

Re: [Full-Disclosure] f-prot not catching mimail ?

2003-08-10 Thread Nik Reiman
As previously noted, the problem here seems to be with the f-prot binary, not the actual virus signatures/definitions. Try upgrading the f-prot package, and it'll probably work fine. -Nik [EMAIL PROTECTED] quoth: > >>I cannot see anything "special" in the MIME structure of Mimail that would > >>