Wow... what I meant to bring up was the question whether there was some
other way this thing is spreading OTHER than 445 TCP.
Meni.
-----Original Message-----
From: Ziots, Edward [mailto:EZiots (at) Lifespan (dot) org [email concealed]]
Sent: Monday, August 15, 2005 7:58 PM
To: 'Meni Milstein'; 'Mike'
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Virus Outbreak Attacking MS05-039
Well think of other avenues of attack, VPN, Dial-up unpatches systems being
connected to your systems by vendors, just many many ways around the fun
"firewall will protect us from everything"
-----Original Message-----
From: Meni Milstein [mailto:meni (at) menimilstein (dot) com [email concealed]]
Sent: Monday, August 15, 2005 2:00 PM
To: 'Mike'
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Virus Outbreak Attacking MS05-039
As far as I know, if you are firewalled correctly and have your 445 tcp port
shut to the outside - this thing should NOT be able to get in.
Am I wrong?
Meni Milstein.
http://www.lcs-guides.com
-----Original Message-----
From: Mike [mailto:mjcarter (at) ihug.co (dot) nz [email concealed]]
Sent: Monday, August 15, 2005 3:41 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Virus Outbreak Attacking MS05-039
Hi List,
Yesterday one of my customers was hit hard by what appears to be a variant
of zotob.
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
This one was very (noisy) crashing services.exe and forcing re-boots on
unpatched WIN2K machines. The boxes we've had a chance to look at were not
infected, but were unpatched. We hope to have samples today from the same
network and have a closer look.
It's time to get patching!
Regards
Mike
Mike
Information Security and Logistics
www.infosec.co.nz
other way this thing is spreading OTHER than 445 TCP.
Meni.
-----Original Message-----
From: Ziots, Edward [mailto:EZiots (at) Lifespan (dot) org [email concealed]]
Sent: Monday, August 15, 2005 7:58 PM
To: 'Meni Milstein'; 'Mike'
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Virus Outbreak Attacking MS05-039
Well think of other avenues of attack, VPN, Dial-up unpatches systems being
connected to your systems by vendors, just many many ways around the fun
"firewall will protect us from everything"
Z
Edward Ziots
Network Engineer
Windows/Citrix Administrator
Lifespan Organization
MCSE,MCSA,MCP+I,M.E,CCA, Security +, Network +
eziots (at) lifespan (dot) org [email concealed]
401-639-3505 (Cell)
401-444-6926 (Office)
401-350-5284 (Pager)
-----Original Message-----
From: Meni Milstein [mailto:meni (at) menimilstein (dot) com [email concealed]]
Sent: Monday, August 15, 2005 2:00 PM
To: 'Mike'
Cc: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: RE: Virus Outbreak Attacking MS05-039
As far as I know, if you are firewalled correctly and have your 445 tcp port
shut to the outside - this thing should NOT be able to get in.
Am I wrong?
Meni Milstein.
http://www.lcs-guides.com
-----Original Message-----
From: Mike [mailto:mjcarter (at) ihug.co (dot) nz [email concealed]]
Sent: Monday, August 15, 2005 3:41 PM
To: focus-virus (at) securityfocus (dot) com [email concealed]
Subject: Virus Outbreak Attacking MS05-039
Hi List,
Yesterday one of my customers was hit hard by what appears to be a variant
of zotob.
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html
This one was very (noisy) crashing services.exe and forcing re-boots on
unpatched WIN2K machines. The boxes we've had a chance to look at were not
infected, but were unpatched. We hope to have samples today from the same
network and have a closer look.
It's time to get patching!
Regards
Mike
Mike
Information Security and Logistics
www.infosec.co.nz
[ reply ]