[unisog] Full-on LSASS worm? [was: Apparent spread of LSASS exploitation]

Julian Y. Koh kohster at northwestern.edu
Thu Apr 29 19:47:45 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 14:27 -0500 4/29/2004, David Ressman wrote:
>Greetings,
>
>In the last two hours, we've seen a bunch of hosts all start scanning
>out for ports 2745, 135, 1025, 445, 80, 3127, 139, 1433, and 5000.

We've got a large outbreak of that here.  Most of the machines appear to have
some variant of Gaobot.  The latest, I believe, is Gaobot.AFJ according to
Symantec.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
Comment: <http://bunnytoaster.nsg.northwestern.edu/julian/pgppubkey.html>

iQA/AwUBQJFNyQ5UB5zJHgFjEQIlrQCgro5QWC4AXaHCL6+Ky0VsnMWlJoQAoI0h
1yX/FP2M8xjjWq7PHpjjWAQM
=1r+9
-----END PGP SIGNATURE-----

-- 
Julian Y. Koh                                 <mailto:kohster at northwestern.edu>
Network Engineer                                           <phone:847-467-5780>
Telecommunications and Network Services                 Northwestern University
PGP Public Key:<http://bunnytoaster.nsg.northwestern.edu/julian/pgppubkey.html>



More information about the unisog mailing list