[unisog] Virus?

H. Morrow Long morrow.long at yale.edu
Tue Feb 17 03:40:36 GMT 2004


Sounds like it could be the 'exploit' for the ASN.1 vulnerability
(MS04-007) in Windows which was released and is apparently being
actively exploited on the Internet.

- H. Morrow Long
   Director - Information Security Office
   Yale University, ITS

On Feb 16, 2004, at 1:26 PM, Jeff Nagel wrote:

> We've recently begun to see some machines with Blaster-like activity 
> such as
> the RPC message and then the machines reboots itself.  Virus protection
> seems to get disabled and when you try to do LiveUpdate it closes.  
> Another
> symptom is when you try to go into the registry is closes on you.  The
> machines also are showing outbound traffic on port 135.
>
> Any ideas?
>
> Jeff Nagel, MCP
> Network Support Specialist
> Wisconsin Lutheran College
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3035 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040216/78db7249/smime-0003.bin


More information about the unisog mailing list