[Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127

2004-04-23 Thread Tomokazu Suzuki
Joe Stewart wrote:
Scans port 135 for MS03-039 DCOM2 vulnerability
Scans port 139 for MS03-049 Workstation vulnerability
Scans port 1433 for weak MSSQL administrator passwords
Scans port 2082 for CPanel vulnerability (OSVDB ID: 4205)
Scans port 2745 for backdoor left by the Bagle Virus

[Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127

2004-04-23 Thread Joe Stewart
On Friday 23 April 2004 5:27 am, Tomokazu Suzuki wrote:
Joe Stewart wrote:
Scans port 135 for MS03-039 DCOM2 vulnerability
Scans port 139 for MS03-049 Workstation vulnerability
Scans port 1433 for weak MSSQL administrator passwords
Scans port 2082 for CPanel vulnerability (OSVDB ID: 4205)

[Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127

2004-04-23 Thread Willem Koenings
Sound familiar to anyone? Today caught worm wmiprvsw.exe. This worm incorporates stealth capabilities - it hides its process in memory and also its exe is not seen in directory listing, when worm is active. Although it does not hide registry entries, it shuts down regedit, when regedit is

Re:[Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127

2004-04-23 Thread Ian Latter
-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 Date: Fri, 23 Apr 2004 10:38:23 -0500 Sound familiar to anyone? Today caught worm wmiprvsw.exe. This worm incorporates stealth capabilities - it hides its process in memory and also its exe is not seen

[Full-Disclosure] Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127

2004-04-22 Thread Honza Vlach
Hi, we've experienced this worm too, and disinfected it as a new variant of Agobot (Gaobot). Basically it exploits poorly protected Windows shares, RPC DCOM bug in Windows etc. (most of the people infected had admin/admin login/passwords on their computers with default C$ share. Combine this with