[Dshieldannounce] Rapid increase in port 3127 scans
Johannes B. Ullrich
jullrich at sans.org
Wed Jan 28 21:17:59 UTC 2004
Today, we observed a rapid increase in port 3127 scans. This is likely
an attempt to find, and possibly exploit, hosts infected with
At this point, the purpose of these scans is not yet clear, but it is
likely, that the goal is to install additional malware.
If you find a MyDoom/Novarg infected host, please take extra steps to
ensure that no additional malware is present on this host. The standard
MyDoom/Novarg removal procedures will only remove the Virus, not any
additional malware that may have been installed via the backdoor.
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/dshieldannounce/attachments/20040128/695046f8/attachment-0003.bin
More information about the Dshieldannounce