jjnagel at wi.rr.com
Tue Feb 17 19:42:04 GMT 2004
A common thing I am seeing from the machines that have outbound traffic on
port 135 is a service called Win leoahder.
From: H. Morrow Long [mailto:morrow.long at yale.edu]
Sent: Monday, February 16, 2004 9:41 PM
To: Jeff Nagel
Cc: unisog at sans.org
Subject: Re: [unisog] Virus?
Sounds like it could be the 'exploit' for the ASN.1 vulnerability
(MS04-007) in Windows which was released and is apparently being
actively exploited on the Internet.
- H. Morrow Long
Director - Information Security Office
Yale University, ITS
On Feb 16, 2004, at 1:26 PM, Jeff Nagel wrote:
> We've recently begun to see some machines with Blaster-like activity
> such as the RPC message and then the machine reboots itself. Virus
> protection seems to get disabled and when you try to do LiveUpdate it
> closes. symptom is when you try to go into the registry it closes on
> you. The machines also are showing outbound traffic on port 135.
> Any ideas?
> Jeff Nagel, MCP
> Network Support Specialist
> Wisconsin Lutheran College