[Dshield] FW: New virus alert: W32/Bugbear.B-mm

Deb Hale haled at pionet.net
Thu Jun 5 17:20:49 GMT 2003


 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am curious - just looked back at isc.sans.org to the article about the port 137 scan increases "We now believe that these port 137 scans are due to the 'Bugbear' mass mailing virus and the 'Scrup' worm".  Could this be what we have been seeing the last few days with the increase in port 137?

Deborah F Hale
Certified Business Continuity Professional
BCP Enterprise, Inc
Telephone: (712) 252-0361
www.bcpenterprise.com
 


- -----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf Of Blake McNeill
Sent: Thursday, June 05, 2003 12:00 PM
To: General DShield Discussion List
Subject: Re: [Dshield] FW: New virus alert: W32/Bugbear.B-mm


This was one that was sent to me this morning.  Think of this in a corporate environment as I'm betting it would be rather successful unfortunately.

- --------------------
Subject: WebSMART TICKET 300 OPEN
Attachment: 3d.zip.pif
- --------------------

Ticket Number: 300 Ticket Status:OPEN


Problem Started: 10.00    Day:  Trith  04/03/2003
 
Problem Closed:
  
Problem Description : Den exoume labei nea apo to makedoniko praktoreio.

Actions: O k .Maleas exei erthei se epikoinwnia me texnikous tou M.P.A. Parola auta to problhma ejakolouthei na ufistatai.


Time to Fix: Agnwsto
- --------------------


Does anyone have a list of viruses/worms that commonly scan UDP port 137 as part of their network infection process?

Blake
http://www.SonicLogger.com - Logging Software for SonicWall
http://www.LinkLogger.com - Logging Software for Linksys, Netgear and Zyxel


- ----- Original Message ----- 
From: "Johannes B. Ullrich" <jullrich at sans.org>
> 
> This one is fun in that it includes random excerpts and subjects from 
> the infected person's e-mail client (remember Sircam?). The first one I 
> got was a message with excerpts about a HIPAA compliance discussion 
> ;-)
> 


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPt978TxOOHZjYde8EQJbggCeL9gwP7HT0DyWLnhdkvHykZhxcI4An0Na
FopxcVBgPzxawJ7E+7mLPp6U
=5SUU
-----END PGP SIGNATURE-----




