Incidents Mode:
(Page 14 of 170)
spoolss overflow attempt: unknow threat or false alert ? 2006-09-07
Buozis, Martynas (martynas ti com) (2 replies)

Hello

I see many packets coming from various hosts to few servers (both
clients and servers are inside Intranet) that are identified by SNORT as
NETBIOS SMB spoolss AddPrinterEx unicode little endian overflow attempt.
I checked source hosts with AV and spyware software but found nothing,
while the

Re: spoolss overflow attempt: unknow threat or false alert ? 2006-09-08
Emanuele Rocca (ema linux it)
Re: spoolss overflow attempt: unknow threat or false alert ? 2006-09-08
mark Hoffman (mhoffman1 iowatelecom net)
New NT4/Windows botnet reported 2006-08-31
Juha-Matti Laurio (juha-matti laurio netti fi)
ISC Diary has new entry published recently entitled as "NT botnet submitted":
http://isc.sans.org/diary.php?storyid=1657
After the release they changed the name to "botnet submitted" to describe the situation better.

The affected library of August's MS06-040, Netapi32.dll, is included to NT4.0 inst

Re: Re: Odd traffic again...... internal --> 100.100.100.1 (137-udp) 2006-08-26
i m crazy frog gmail com (1 replies)
Hi,

from the link http://www.linklogger.com/UDP137.htm

"Netbios Name Service is typically how Windows computers find out information concerning the networking features offered by a computer, such as System Name, File Shares, etc."

I don't say anything without seeing the data. If possible, pls attach

Re: Odd traffic again...... internal --> 100.100.100.1 (137-udp) 2006-08-26
Kevin Johnson (kjohnson secureideas net)
Re: Odd traffic again...... internal --> 100.100.100.1 (137-udp) 2006-08-24
loki74 (loki74 gmail com)
Static IP.
Nothing in LMHosts.
There is no IP of 100.100.100.1, I added a host of 100.100.100.2, and nmap'd.
It is odd...

On 8/24/06, Joel Esler <joel.esler (at) sourcefire (dot) com> wrote:
> Do you have an IP on your network of 100.100.100.1?
>
> Joel
>
>
> On Thu, Aug 24, 2006 at 10:42:28AM -0400, loki74 a

Odd traffic again...... internal --> 100.100.100.1 (137-udp) 2006-08-24
loki74 (loki74 gmail com) (1 replies)
Hello,
I have posted before about a Windows box that sent traffic to
different IPs to port 137, and never really got a solution to it. We
have since wiped that box. Now we have a new box, built in a DMZ
(Fresh install, all patches applied) and just connected it to the
internal LAN (behind fw).

Re: Odd traffic again...... internal --> 100.100.100.1 (137-udp) 2006-08-24
Tillmann Werner (tillmann werner gmx de)
New malware names and updates to PowerPoint FAQ document 2006-08-23
Juha-Matti Laurio (juha-matti laurio netti fi)
Several names of related Trojan and dropper have been added to "Microsoft PowerPoint Vulnerability FAQ - August 2006, CVE-2006-4274" document today.

Changes to the document have been done too:
It is known that the Trojan
-generates a hidden iexplore.exe process,
-executes as a thread of this proces

Major updates in PowerPoint FAQ document - not a 0-day issue 2006-08-22
Juha-Matti Laurio (juha-matti laurio netti fi)
Several updates to Microsoft PowerPoint Vulnerability FAQ - August 2006, CVE-2006-4274 document at
http://blogs.securiteam.com/?p=559
have been done.

* According to the new information confirmed today this is not a 0-day vulnerability, it is related to patched MS06-012:
http://www.microsoft.com/techn

New PowerPoint 0-day and Trojan - FAQ document available 2006-08-21
Juha-Matti Laurio (juha-matti laurio netti fi)
I have constructed a FAQ document about the recent 0-day vulnerability in Microsoft PowerPoint disclosed on Saturday 19th Aug.

This vulnerability is being exploited by Trojan horse TROJ_SMALL.CMZ.
The document entitled as Microsoft PowerPoint 0-day Vulnerability FAQ - August 2006, CVE-2006-nnnn (CV

Re: High volume of Mambo scans 2006-08-18
nixon kroemeke eu
I've found something similar on one of my machines (tmp) :

-- cut --

#!/usr/bin/perl
# this spreader is coded by xdh
# xdh (at) bsdmail (dot) com
# only for testing...
my @nickname = ("index.php?page=",
"Abdulrazak",
"Ackerman",
"Adams",
"Addison",
"Adelstein",
"Adibe",
"Adorno",

RE: Active Exploitation of a Vulnerability in Microsoft Windows 2006-08-08
auto494388 hushmail com
This was originally linked as:

Active Exploitation of a Vulnerability in Microsoft Remote
Procedure Call
http://www.us-cert.gov/current/current_activity.html#msrpcexp

But this was quickly changed to "in Microsoft Windows" and
"#msvuls", well not quick enough ;)

Thanks for the heads up, cheers

Active Exploitation of a Vulnerability in Microsoft Windows 2006-08-08
modincidents mail securityfocus com

CERT has posted that they are aware of active exploitation of a
vulnerability that is scheduled to be patched today.

Active Exploitation of a Vulnerability in Microsoft Windows
http://www.us-cert.gov/current/current_activity.html#msvuls

-Josh

Re: Re: New PowerPoint Trojan installs itself as LSP 2006-07-19
Juha-Matti Laurio (juha-matti laurio netti fi)
At time of writing this information is not available.

- Juha-Matti

killy <killfactory (at) gmail (dot) com> wrote:

> Do we know what port this backdoor is trying to connect through?
>

New PowerPoint Trojan installs itself as LSP 2006-07-18
Juha-Matti Laurio (juha-matti laurio netti fi) (1 replies)
It appears that there is a new type of PowerPoint 0-day Trojan spreading,
more details at this write-up:
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-071812-3213-99

What the technical details section says is:
"Installs the file SNootern.dll as a layered service provi

Re: New PowerPoint Trojan installs itself as LSP 2006-07-19
killy (killfactory gmail com)
Preliminary CFP:The 2nd International Conference on Availability, Reliability and Security (ARES 07), Vienna, Austria, April 10-13, 2007 2006-07-12
Manh Tho (manhthovn gmail com)
Apologies for multiple copies due to cross postings. Please send to
interested colleagues and students.

Preliminary Call for Papers
---------------------------------------------------------------------
The Second International Conference on Availability, Reliability
and Securi

Suspicious 404's 2006-07-12
dso (dso moosoft com) (2 replies)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I got some suspicious error reports overnight. In my own research it
looks like an attempt to exploit a very old bug. Perhaps it is very new.

For brevity I have not included the header in each one.

A 404 error was encountered by 212.143.111.82 on We

Re: Suspicious 404's 2006-07-16
Joel Esler (eslerj gmail com) (1 replies)
Re: Suspicious 404's 2006-07-18
Jose David Hidalgo Herrera (joseche gmail com)
Re: Suspicious 404's 2006-07-12
Peter Kosinar (goober ksp sk)
System Idle Process making TCP connections 2006-07-07
John Davison (johndavison compasseng com) (1 replies)
I've never seen anything like this before. After experiencing some really
strange behavior from various applications and a lot of looking around, I
downloaded TCPView from System Internals and found that the System Idle
Process (id 0) is making connections to itself, from source port 6160 to a
se

Re: System Idle Process making TCP connections 2006-07-07
lee e rian census gov (1 replies)
Re: System Idle Process making TCP connections 2006-07-08
John Davison (johndavison compasseng com)
Outbound Connections 2006-07-06
No email com (2 replies)
The [System] process (PID 4 on this Windows XP Pro Box) is making strange outbound connections to unknown IP address spaces on one of our machines. It tries to connect to port 139 and 445. Is there any way to figure out what is causing the system process to do this? The connections do not seem to b

Re: Outbound Connections 2006-07-07
Joel Esler (eslerj gmail com)
Re: Outbound Connections 2006-07-07
Ted Pham (telamon cmu edu) (1 replies)
RE: Outbound Connections 2006-07-07
Ken Dunham (dunhamk rica net)
Copyright 2010, SecurityFocus