[Dshield] Port 445 storm

Korhonen Juuso juuso.korhonen at camline.fi
Sun Mar 9 16:13:39 GMT 2003

>From F-Secure WEB site:

Deloder is a network worm infecting Windows machines which have set a weak
password to the "Administrator" account. 

The worm scans random IP addresses, trying to locate Windows machines which
have port 445 accessible. Port 445 (Microsoft SMB over TCP/IP) allows
outsiders to access Windows file shares. 

This worm was found around noon GMT on Sunday 9th of March, 2003. 

Best Regards

Juuso Korhonen

-----Original Message-----
From: Mrcorp [mailto:mrcorp at yahoo.com]
Sent: 9. maaliskuuta 2003 17:05
To: General DShield Discussion List
Subject: Re: [Dshield] Port 445 storm

I have to confirm that the Honeynet setup for www.infosecwriters.com is also
receiving a
tremendous amount of port 445 probes.  Hundreds of probes from many
different ip address ranges
are hitting several of the honeypots.  


Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.

More information about the list mailing list