[unisog] New Worm?

Bob Henry bhenry at boisestate.edu
Fri Feb 1 17:39:02 GMT 2008


 We are spotting a growing list of machines sweeping several subnets
like this:

First, try a Ping:
if get a response, try 2 times
if no response, try 4 times

Next, send an NBSTAT -a packet, full of <00>  (or AA)
if no response, try 3 times

All Windows boxes, none show viruses when scanned with our Symantec
Enterprise AV, no rootkits according to RootkitRevealer and Sophos.  8
out of 50 (or so) show up in our Facetime logs trying to phone home, so
they have adware on them.

Has anyone seen anything like this and what was your response?

  



Robert Henry, CISSP, GCIH
Information Security Officer
Office of Information Technology
Boise State University
208-426-5701
bhenry at boisestate.edu
http://boisestate.edu/oit/iso
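
An added example, not part of the original post: one way to pick the pattern described above (ICMP echo followed by a NetBIOS name-service query on UDP/137 to the same address, repeated across many addresses) out of packet or flow summaries. The record layout, addresses, thresholds and function names are assumptions made for illustration; the sample data is constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample records (not from the post): (epoch_seconds, src, dst, kind)
# kind is "icmp-echo" for an ICMP echo request or "udp/137" for a NetBIOS
# name-service (NBSTAT) query.
def _sweep(src, prefix, hosts, t0):
    """Build constructed records for one source probing several silent hosts."""
    recs = []
    for i, h in enumerate(hosts):
        dst, t = f"{prefix}.{h}", t0 + i * 10
        recs += [(t + n, src, dst, "icmp-echo") for n in range(4)]    # 4 pings
        recs += [(t + 5 + n, src, dst, "udp/137") for n in range(3)]  # 3 NBSTAT
    return recs

SAMPLE = (
    _sweep("10.1.1.20", "10.1.2", range(1, 5), 1000)      # sweeping host,
    + _sweep("10.1.1.20", "10.1.3", range(1, 5), 1100)    # second subnet
    + [(2000, "10.1.1.30", "10.1.2.5", "icmp-echo"),      # ordinary ping
       (2001, "10.1.1.31", "10.1.2.6", "udp/137")]        # ordinary name lookup
)

def find_sweepers(records, min_targets=5, window=60):
    """Return {src: sorted targets} for sources that sent an ICMP echo and then
    a UDP/137 query to the same destination within `window` seconds, for at
    least `min_targets` distinct destinations (both thresholds are assumed)."""
    first_ping = {}              # (src, dst) -> time of first echo request
    hits = defaultdict(set)      # src -> destinations matching the pattern
    for ts, src, dst, kind in sorted(records):
        key = (src, dst)
        if kind == "icmp-echo":
            first_ping.setdefault(key, ts)
        elif kind == "udp/137" and key in first_ping:
            if 0 <= ts - first_ping[key] <= window:
                hits[src].add(dst)
    return {s: sorted(d, key=ip_address) for s, d in hits.items()
            if len(d) >= min_targets}

def subnets_touched(targets, prefixlen=24):
    """Collapse a target list to the distinct subnets being swept."""
    return sorted({str(ip_network(f"{t}/{prefixlen}", strict=False))
                   for t in targets})

if __name__ == "__main__":
    for src, targets in find_sweepers(SAMPLE).items():
        print(src, len(targets), "targets in", subnets_touched(targets))
```
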















