New exploit

Allison MacFarlan allison.macfarlan at
Tue Nov 11 17:43:36 GMT 2003

We are trying to identify something that is going on here, and wonder if you're
seeing this at your campuses (all of them, not just one):

-waves of spoofed addresses trying to get out to various IPs and IRC locations
(these get dropped, but they tie up the routers with traffic);
-when a machine is examined, it has the executables characteristic of 
but the virus is not detected by NAV (no comments);
-reports from all over that event logs are filling up with login attempts, both
successes and failures, suggesting that a password cracker is also part of this
-the machines that are examined are up-to-date with Windows patches and virus
definitions, and the virus engine is working.
Allison S. MacFarlan
allison.macfarlan at
ITS Information Security Officer, AM&T
Yale University
ph: 203-432-6684
bp: 203-370-0554

More information about the unisog mailing list