[Dshieldannounce] Rapid increase in port 3127 scans

Johannes B. Ullrich jullrich at sans.org
Wed Jan 28 21:17:59 UTC 2004


Today, we observed a rapid increase in port 3127 scans. This is likely
an attempt to find, and possibly exploit, hosts infected with
MyDoom/Novarg.

At this point, the purpose of these scans is not yet clear, but it is
likely, that the goal is to install additional malware.


If you find a MyDoom/Novarg infected host, please take extra steps to
ensure that no additional malware is present on this host. The standard
MyDoom/Novarg removal procedures will only remove the Virus, not any
additional malware that may have been installed via the backdoor.


-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/dshieldannounce/attachments/20040128/695046f8/attachment-0003.bin


More information about the Dshieldannounce mailing list