New exploit

Allison MacFarlan allison.macfarlan at yale.edu
Tue Nov 11 17:43:36 GMT 2003


We are trying to identify something that is going on here, and wonder if you're
seeing this at your campuses (all of them, not just one):

-waves of spoofed addresses trying to get out to various IPs and IRC locations
(these get dropped, but they tie up the routers with traffic);
-when a machine is examined, it has the executables characteristic of
W32.Randex.Y, but the virus is not detected by NAV (no comments);
-reports from all over that event logs are filling up with login attempts, both
successes and failures, suggesting that a password cracker is also part of this
package;
-the machines that are examined are up-to-date with Windows patches and virus
definitions, and the virus engine is working.
-- 
++++---++++---++++---++++
Allison S. MacFarlan
allison.macfarlan at yale.edu
ITS Information Security Officer, AM&T
Yale University
ph: 203-432-6684
bp: 203-370-0554
http://www.yale.edu/its/security


