[Dshieldannounce] Rapid increase in port 3127 scans
Johannes B. Ullrich
jullrich at sans.org
Wed Jan 28 21:17:59 UTC 2004
Today, we observed a rapid increase in port 3127 scans. This is likely
an attempt to find, and possibly exploit, hosts infected with
MyDoom/Novarg.
At this point, the purpose of these scans is not yet clear, but it is
likely, that the goal is to install additional malware.
If you find a MyDoom/Novarg infected host, please take extra steps to
ensure that no additional malware is present on this host. The standard
MyDoom/Novarg removal procedures will only remove the Virus, not any
additional malware that may have been installed via the backdoor.
--
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/dshieldannounce/attachments/20040128/695046f8/attachment-0003.bin
More information about the Dshieldannounce
mailing list