> Is there any legitimate reason for these types of
> random netbios name
> scans, or any netbios name scan for that matter?
Hhhhmmmm...a traffic capture might be something to do.
Or, when the traffic occurs, run fport on the system
to see which process is using the source port...
> Also, does anyone know if
> there is any way to remotely detect this worm on a
> machine without running a local virus scan?
Well, depending on the variant, it should be pretty
easy to do:
http://www.sarc.com/avcenter/venc/data/w32.opaserv.worm.html
Seems all you have to do is scan for the files on the
root of the drive, or even easier is the Registry key.
I run monthly scans to check the ubiquitous Run key,
as well as others...using Perl, of course.
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
> Is there any legitimate reason for these types of
> random netbios name
> scans, or any netbios name scan for that matter?
Hhhhmmmm...a traffic capture might be something to do.
Or, when the traffic occurs, run fport on the system
to see which process is using the source port...
> Also, does anyone know if
> there is any way to remotely detect this worm on a
> machine without running a local virus scan?
Well, depending on the variant, it should be pretty
easy to do:
http://www.sarc.com/avcenter/venc/data/w32.opaserv.worm.html
Seems all you have to do is scan for the files on the
root of the drive, or even easier is the Registry key.
I run monthly scans to check the ubiquitous Run key,
as well as others...using Perl, of course.
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
------------------------------------------------------------------------
----
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
[ reply ]