[Dshield] Port 445 storm

Korhonen Juuso juuso.korhonen at camline.fi
Sun Mar 9 16:13:39 GMT 2003


>From F-Secure WEB site:

Deloder is a network worm infecting Windows machines which have set a weak
password to the "Administrator" account. 

The worm scans random IP addresses, trying to locate Windows machines which
have port 445 accessible. Port 445 (Microsoft SMB over TCP/IP) allows
outsiders to access Windows file shares. 

This worm was found around noon GMT on Sunday 9th of March, 2003. 


Best Regards

Juuso Korhonen


-----Original Message-----
From: Mrcorp [mailto:mrcorp at yahoo.com]
Sent: 9. maaliskuuta 2003 17:05
To: General DShield Discussion List
Subject: Re: [Dshield] Port 445 storm


I have to confirm that the Honeynet setup for www.infosecwriters.com is also
receiving a
tremendous amount of port 445 probes.  Hundreds of probes from many
different ip address ranges
are hitting several of the honeypots.  

mrcorp


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
****************************************************************************
This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
****************************************************************************



More information about the list mailing list