[unisog] New Worm?
Bob Henry
bhenry at boisestate.edu
Fri Feb 1 17:39:02 GMT 2008
We are spotting a growing list of machines sweeping several subnets
like this:
First, try a Ping:
if get a response, try 2 times
if no response, try 4 times
Next, send an NBSTAT -a packet, full of <00> (or AA)
if no response, try 3 times
All windows boxes, none show viruses when scanned with our Symantec
Enterprise AV, no rootkits according to rootkit revealer and sophos. 8
out of 50 (or so) show up in our Facetime logs trying to phone home, so
they have adware on them.
Has anyone seen anything like this and what was your response?
Robert Henry, CISSP, GCIH
Information Security Officer
Office of Information Technology
Boise State University
208-426-5701
bhenry at boisestate.edu
http://boisestate.edu/oit/iso
More information about the unisog
mailing list