[unisog] New Worm?

James Macdonell jmacdone at csusb.edu
Fri Jun 4 19:53:06 GMT 2004

We're experiencing it.  The FTP ports vary, though. I don't know the
vector of attack (yet) but we've been seeing the results of compromises
with our local snort rules.  I've posted them here for your enjoyment:


James Macdonell <jmacdone at csusb.edu>
Information Security Analyst
CSU San Bernardino
Phone: 909.880.7262 Fax: 909.880.7189
PGP: http://security.csusb.edu/~jmacdone/pgp.asc

On Thu, 2004-06-03 at 10:36, Mary Ng wrote:

> We have been detecting a number of our fully patched Windows NT/2000
> Workstations/Servers running the latest virus definition files being
> compromised with the following symptoms:
> 3. Compromised systems have an FTP service installed communicating on ports
> 3250 and 59980
> Are other universities experiencing anything like this?

More information about the unisog mailing list