Focus on Virus Mode:
Re: zotob 2005-08-16
John D. Patota (jpatota ccs neu edu)
The first two points are really for securing the administrator account
on a server or other secure machine. The admin which doesn't belong to
any group has no access to the system. If a hacker or virus were trying
to break into the Administrator, it would be nothing more than a decoy.

Blending th

RE: Virus Outbreak Attacking MS05-039 2005-08-16
Ziots, Edward (EZiots Lifespan org)
Yes,

This is one of the sticky points that usually gets everyone. I would really
like to see Microsoft and Cisco make promise of the sandbox functionality
with the mating of their technologies a reality, so basically you can't go
anywhere on the host network unless you are first scanned by a host s

Re: zotob 2005-08-16
John D. Patota (jpatota ccs neu edu)
I got the following information from a friend which may be helpful.....

Here is a link to the houseofdabus PoC code that Zotob.A/B/C is
based on:

http://packetstormsecurity.org/0508-exploits/HOD-ms05039-pnp-expl.c

FSecure is keeping up to date with the latest variants including
Zotob.C (http://

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Eddie Willett (Eddie Willett richmond ppdi com)
I have read that this virus can be spread on any Windows OS but only
affects 2000, 2003??, XP?? I have gotten conflicting reports about the
last. What is the truth to this? Does anyone know?

Eddie

-----Original Message-----
From: Paul Schmehl [mailto:pauls (at) utdallas (dot) edu]
Sent: Monday, August 15,

ms05-039 2005-08-15
hc0d3 (hc0d3 yahoo com)
All,

here is what the worm does:

Spreading using Plug and Play service vulnerability

The worm scans for systems vulnerable to Microsoft
Windows Plug and Play service (MS05-039) through
TCP/445.

It creates 300 threads that connect to random IP
addresses within the B-class (255.255.0.0) network of

RE: Virus Outbreak Attacking MS05-039 2005-08-16
Semerjian, Ohanes (ohanes semerjian cba com au)
You should never allow vendors/third party partners to be connected to your
internal data network, that is just a bad practice and if you do so you are
asking for trouble.

They can be on a segment owned by your company but firewalled.

Best Regards
Ohanes Semerjian

-----Original Message-----
F

RE: zotob 2005-08-15
Brady McClenon (BMcClenon uamail albany edu)
I'm curious to see if a worm using this vulnerability hits XP with any
considerable outbreak. With the firewall in XP, the worm would have
its propagation hindered greatly.

Brady McClenon
Systems Administrator
ITS - Systems Management and Operations
University at Albany
518-442-3619

-----Origi

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Mike (mjcarter ihug co nz) (1 replies)
I don't believe you can exploit MS05-039 on anything other than 445. Note
that this thing doesn't spread via 445; it gains access through the exploit
to start an FTP session and spreads via FTP. Of course it's always possible
that the virus switches to a different vulnerability, it does have the
abil

Re: Virus Outbreak Attacking MS05-039 2005-08-15
Chris Wensink (chris wensink gmail com)
RE: Virus Outbreak Attacking MS05-039 2005-08-15
Paul Schmehl (pauls utdallas edu)
--On Monday, August 15, 2005 20:00:12 +0200 Meni Milstein
<meni (at) menimilstein (dot) com> wrote:

> As far as I know, if you are firewalled correctly and have your 445 tcp
> port shut to the outside - this thing should NOT be able to get in.
> Am I wrong?
>
This is almost word for word what people said abo

zotob 2005-08-15
John D. Patota (jpatota ccs neu edu) (1 replies)
It's my estimate it will only be a few days until this hits Windows XP.

Some useful information is at http://www.f-secure.com/v-descs/zotob_a.shtml

The biggest thing I can think of is to have users assign strong
passwords to their Administrator accounts. If you want to do things
right, take the f

RE: zotob 2005-08-15
Nick Wells (nick clandestineresearch com)
Re: Virus Outbreak Attacking MS05-039 2005-08-15
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
On 2005-08-15 Meni Milstein wrote:
> As far as I know, if you are firewalled correctly and have your 445
> tcp port shut to the outside - this thing should NOT be able to get
> in. Am I wrong?

Partially. According to [1] you need 445/tcp and 139/tcp closed. Packet
filters would do this, or you coul

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Ziots, Edward (EZiots Lifespan org) (1 replies)
Well, think of other avenues of attack, VPN, Dial-up unpatched systems being
connected to your systems by vendors, just many many ways around the fun
"firewall will protect us from everything"

Z

Edward Ziots
Network Engineer
Windows/Citrix Administrator
Lifespan Organization
MCSE,MCSA,MCP+I,M.E,CCA

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Meni Milstein (meni menimilstein com)
RE: Virus Outbreak Attacking MS05-039 2005-08-15
Meni Milstein (meni menimilstein com)
Of course…
I was referring to my servers for starters.
All laptops in our offices are protected and firewalled as well.
Thanks for the concern though!
☺

________________________________________
From: jfvanmeter (at) comcast (dot) net [mailto:jfvanmeter (at) comcast (dot) net]
Sent: Monday, August 15, 2005 7:52 PM

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Mike (mjcarter ihug co nz)
Yep correct, but easily brought in by one "out of compliance" infected
laptop.

Mike
-----Original Message-----
From: Meni Milstein [mailto:meni (at) menimilstein (dot) com]
Sent: Tuesday, August 16, 2005 6:00 AM
To: 'Mike'
Cc: focus-virus (at) securityfocus (dot) com
Subject: RE: Virus Outbreak Attacking MS05-039

As f

Virus Outbreak Attacking MS05-039 2005-08-15
Mike (mjcarter ihug co nz) (1 replies)
Hi List,
Yesterday one of my customers was hit hard by what appears to be a variant
of zotob.
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html

This one was very (noisy) crashing services.exe and forcing re-boots on
unpatched WIN2K machines. The boxes we've had a chance to lo

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Meni Milstein (meni menimilstein com)
Re: Does anyone know much about "Exploit.HTML.MHTRedir-8"? 2005-08-05
reb93720 yahoo com
http://www.sophos.com/virusinfo/analyses/trojmhtredirh.html

Does anyone know much about "Exploit.HTML.MHTRedir-8"? 2005-08-05
Billy (billy laggui com) (1 replies)
Hi all!

We have a WinNT4 server that is running DNS for our WAN.
Lately, it seems that our users who are browsing are being redirected
elsewhere.
A preliminary check of the system using Norton AV 2003 (fully-updated, of
course) revealed no infections, but a scan with ClamAV (20050725, also
fully

Re: Does anyone know much about "Exploit.HTML.MHTRedir-8"? 2005-08-05
Simon Borduas (sborduas hypertec ca)
R: Strange and very small email - new virus 2005-07-27
Michele Nappa bipop it
This is the header of the same message I got

Return-Path: <michelenapoli@*.it>
X-Original-To: michelenappa@*.it
Delivered-To: michelenappa@*.it
Received: from Antigua-p2Dunnmayda.net (unknown [196.28.63.41])
by smtp-in2.email.it (Email.it) with SMTP id 6821EBC007
for <michelenappa@*.it>; Fri, 22

Re: Strange and very small email - new virus 2005-07-27
Richard Stiennon (RStiennon webroot com)
Is someone harvesting email addresses for Spam or a future targeted attack? You are seeing the non bounced successful guesses?

Stiennon
--------------------------
Sent from my BlackBerry Wireless Handheld

-----Original Message-----
From: Joseph (Joe) Lynn <Joe.Lynn (at) tiniusolsen.co (dot) uk>
To: jiggl

RE: Strange and very small email - new virus 2005-07-27
Joseph (Joe) Lynn (Joe Lynn tiniusolsen co uk)
Hi all,

We are receiving similar emails...

My Outlook reads the attachment as 91 bytes.

When you extract the attachment however, it shrinks to 2 bytes.
When opened in Notepad, there is no data inside.

It is very strange, as I can't see how a virus like this would spread -
even if it is a failed

RE: Strange and very small email - new virus 2005-07-27
Jefferies, Darren (Darren Jefferies health wa gov au)
Hi all, staff where I work received a lot of E-Mails like these a number of years ago so I submitted a sample to our antivirus supplier. They found these to be the result of an antivirus system doing an incomplete job of removing a virus during the E-Mail's transit. These may possibly be the same t

RE: Strange and very small email - new virus 2005-07-26
Tim Myers (tmyers coactivesys com) (1 replies)
This information is unconfirmed but it was reported that the email was
sent from computers infected with the bagel Trojan.

Below is a google cache of isc.scans.org, had to use the cache since the
diary was already updated with new content.

http://64.233.167.104/search?q=cache:CTOjLghWLKcJ:isc.sans

Re: Strange and very small email - new virus 2005-07-27
- (bkporter gmail com)
Re: Strange and very small email - new virus 2005-07-26
jiggly janottaherner com (1 replies)
Yes, we have gotten about 2 of these types of emails. The file is named 1.txt (61 Bytes in size) and the email subject is "1". We are a company with about 35 email addresses under our domain and have received viruses through some of them in the past. This strange email has come to 2 of our acco

Re: Strange and very small email - new virus 2005-07-26
Baruch Ben-David (baruch blessedb org)
Copyright 2010, SecurityFocus