[Dshield] MS05-039 Attack -- Info

Chad Giulini chad.giulini at gmail.com
Mon Aug 15 17:59:21 GMT 2005


On 8/15/05, Eric Kedrosky <ekk at nortel.com> wrote:

> A major outbreak started, for me, in the Asia Pacific region around
> 12:00am EST August 15th, 2005.
> This is associated with an exploit for the MS05-039 vulnerability.  Once
> the virus file is executed on the system it connects home to the Command

This appears to be a variant of the Zotob Worm described by Symantec
at  (http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.a.html).
 I have seen several systems that appear to be infected with the
variant you describe.

Regards,

Chad Giulini



More information about the list mailing list