[unisog] Nachi and NetFlow

Sheil, Sean SEAN at mail.nwmissouri.edu
Thu Oct 30 05:25:09 GMT 2003


	We have had about 20 PCs that I have located this week where NAV
was perfectly happy.  However, when I had the users run an online virus scan,
Blaster or Nachi was found.  These were personal machines that we do not
have a lot of control over.
	I am doing some research, but it appears that the worm is starting
and stopping its scans.

Sean

-----Original Message-----
From: Mitch Collinsworth [mailto:mitch at ccmr.cornell.edu]
Sent: Wednesday, October 29, 2003 8:12 PM
To: Lois Lehman
Cc: Scott Genung; unisog at sans.org
Subject: RE: [unisog] Nachi and NetFlow



Today one of my staff told me about a new one he's started seeing
that manages to hide all traces of itself from NAV.  He was finally
able to find it by sharing the C: drive to another machine, mounting
it on that machine and scanning it from there.   (!)

-Mitch



