Focus on Virus Mode:
(Page 16 of 63)
FW: Fw: zotob 2005-08-16
jay.tomas (at) infosecguru (dot) com (jay tomas infosecguru com)
Just an observation ... by renaming admin accounts you'll thwart the simplest of script kiddies.
Anyone with an 'ounce' of skill will enumerate your box and look at the sid of the user ids.

e.g.

Username SID
WishICouldFoolYou S-1-5-21-329067152-789339058-725245543-500

500 is yo

wintbp.exe 2005-08-16
Schlegel, Justin (justin schlegel ICTGROUP COM) (2 replies)
Hi,

My company has recently been hit with some variety of virus that is
rebooting our machines. As far as I can tell the process causing the
problem is wintbp.exe. I have searched in google and all the major AV
vendors for this file with no luck. Does anyone have any information on
this process

Re: wintbp.exe 2005-08-17
William O'Malley (wo andrew cmu edu)
Re: wintbp.exe 2005-08-16
Jacob Bresciani (jacob bresciani ca)
RE: Virus Outbreak Attacking MS05-039 2005-08-16
Lawrence, Kenneth E ERDC-CHL-MS Contractor (Kenneth E Lawrence erdc usace army mil)
There appear to be patches available for everything from W2K up.
Look for KB899588.

Ken Lawrence <<mailto:lawrenk (at) wes.army (dot) mil>>
HNS Consultants
Unix System Administrator

-----Original Message-----
From: Eddie Willett [mailto:Eddie.Willett (at) richmond.ppdi (dot) com]
Sent: Monday, August 15, 2005 3:36 P

RE: Virus Outbreak Attacking MS05-039 2005-08-16
Shaffer, Bruce (security stsgi com)
Try http://www.microsoft.com/technet/security/advisory/899588.mspx

-----Original Message-----
From: Eddie Willett [mailto:Eddie.Willett (at) richmond.ppdi (dot) com]
Sent: Monday, August 15, 2005 4:36 PM
To: focus-virus (at) securityfocus (dot) com
Subject: RE: Virus Outbreak Attacking MS05-039

I have read that this

RE: Virus Outbreak Attacking MS05-039 2005-08-16
Ziots, Edward (EZiots Lifespan org) (1 replies)
Chris,

NO offense but I am the security admin for my network, and we implement
defense in depth and system level hardening at the OS core and working
outwards to the firewall and DMZ and internet router, so as to take a
layered approach. It's more work, but if planned and implemented properly it
ma

Re: Virus Outbreak Attacking MS05-039 2005-08-16
Chris Wensink (chris wensink gmail com)
Re: zotob 2005-08-16
John D. Patota (jpatota ccs neu edu) (1 replies)
The first two points are really for securing the administrator account
on a server or other secure machine. The admin which doesn't belong to
any group has no access to the system. If a hacker or virus were trying
to break into the Administrator, it would be nothing more than a decoy.

Blending th

RE: zotob 2005-08-16
David Gillett (gillettdavid fhda edu)
RE: Virus Outbreak Attacking MS05-039 2005-08-16
Ziots, Edward (EZiots Lifespan org)
Yes,

This is one of the sticky points that usually gets everyone. I would really
like to see Microsoft and Cisco make promise of the sandbox functionality
with the mating of their technologies a reality, so basically you can't go
anywhere on the host network unless you are first scanned by a host s

Re: zotob 2005-08-16
John D. Patota (jpatota ccs neu edu)
I got the following information from a friend which may be helpful.....

Here is a link to the houseofdabus PoC code that Zotob.A/B/C is
based on:

http://packetstormsecurity.org/0508-exploits/HOD-ms05039-pnp-expl.c

FSecure is keeping up to date with the latest variants including
Zotob.C (http://

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Eddie Willett (Eddie Willett richmond ppdi com)
I have read that this virus can be spread on any windows os but only
affects 2000, 2003??, xp?? I have gotten conflicting reports about the
last. What is the truth to this. Does anyone know?

Eddie

-----Original Message-----
From: Paul Schmehl [mailto:pauls (at) utdallas (dot) edu]
Sent: Monday, August 15,

ms05-039 2005-08-15
hc0d3 (hc0d3 yahoo com)
All,

here is what the worm does:

Spreading using Plug and Play service vulnerability

The worm scans for systems vulnerable to Microsoft
Windows Plug and Play service (MS05-039) through
TCP/445.

It creates 300 threads that connect to random IP
addresses within the B-class (255.255.0.0) network of

RE: Virus Outbreak Attacking MS05-039 2005-08-16
Semerjian, Ohanes (ohanes semerjian cba com au)
You should never allow vendors/third party partners to be connected to your
internal data network, that is just a bad practice and if you do so you are
asking for a trouble.

They can be on a segment owned by your company but firewalled.

Best Regards
Ohanes Semerjian

-----Original Message-----
F

RE: zotob 2005-08-15
Brady McClenon (BMcClenon uamail albany edu)
I'm curious to see if a worm using this vulnerability hits XP with any
considerable outbreak. With the firewall in XP, the worm would have
its propagation hindered greatly.

Brady McClenon
Systems Administrator
ITS - Systems Management and Operations
University at Albany
518-442-3619

-----Origi

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Mike (mjcarter ihug co nz) (1 replies)
I don't believe you can exploit MS05-039 on anything other than 445. Note
that this thing doesn't spread via 445 it gains access through the exploit
to start an FTP session and spreads via FTP. Of course it's always possible
that the virus switches to a different vulnerability, it does have the
abil

Re: Virus Outbreak Attacking MS05-039 2005-08-15
Chris Wensink (chris wensink gmail com)
RE: Virus Outbreak Attacking MS05-039 2005-08-15
Paul Schmehl (pauls utdallas edu)
--On Monday, August 15, 2005 20:00:12 +0200 Meni Milstein
<meni (at) menimilstein (dot) com> wrote:

> As far as I know, if you are firewalled correctly and have your 445 tcp
> port shut to the outside - this thing should NOT be able to get in.
> Am I wrong?
>
This is almost word for word what people said abo

zotob 2005-08-15
John D. Patota (jpatota ccs neu edu) (1 replies)
It's my estimate it will only be a few days until this hits Windows XP.

Some useful information is at http://www.f-secure.com/v-descs/zotob_a.shtml

The biggest thing I can think of is to have users assign strong
passwords to their Administrator accounts. If you want to do things
right, take the f

RE: zotob 2005-08-15
Nick Wells (nick clandestineresearch com)
Re: Virus Outbreak Attacking MS05-039 2005-08-15
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)
On 2005-08-15 Meni Milstein wrote:
> As far as I know, if you are firewalled correctly and have your 445
> tcp port shut to the outside - this thing should NOT be able to get
> in. Am I wrong?

Partially. According to [1] you need 445/tcp and 139/tcp closed. Packet
filters would do this, or you coul

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Ziots, Edward (EZiots Lifespan org) (1 replies)
Well think of other avenues of attack, VPN, Dial-up unpatched systems being
connected to your systems by vendors, just many many ways around the fun
"firewall will protect us from everything"

Z

Edward Ziots
Network Engineer
Windows/Citrix Administrator
Lifespan Organization
MCSE,MCSA,MCP+I,M.E,CCA

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Meni Milstein (meni menimilstein com)
RE: Virus Outbreak Attacking MS05-039 2005-08-15
Meni Milstein (meni menimilstein com)
Of course…
I was referring to my servers for starters.
All laptops in our offices are protected and firewalled as well.
Thanks for the concern though!
☺

________________________________________
From: jfvanmeter (at) comcast (dot) net [mailto:jfvanmeter (at) comcast (dot) net]
Sent: Monday, August 15, 2005 7:52 PM

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Mike (mjcarter ihug co nz)
Yep correct, but easily brought in by one "out of compliance" infected
laptop.

Mike
-----Original Message-----
From: Meni Milstein [mailto:meni (at) menimilstein (dot) com]
Sent: Tuesday, August 16, 2005 6:00 AM
To: 'Mike'
Cc: focus-virus (at) securityfocus (dot) com
Subject: RE: Virus Outbreak Attacking MS05-039

As f

Virus Outbreak Attacking MS05-039 2005-08-15
Mike (mjcarter ihug co nz) (1 replies)
Hi List,
Yesterday one of my customers was hit hard by what appears to be a variant
of zotob.
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html

This one was very (noisy) crashing services.exe and forcing re-boots on
unpatched WIN2K machines. The boxes we've had a chance to lo

RE: Virus Outbreak Attacking MS05-039 2005-08-15
Meni Milstein (meni menimilstein com)
Re: Does anyone know much about "Exploit.HTML.MHTRedir-8"? 2005-08-05
reb93720 yahoo com
http://www.sophos.com/virusinfo/analyses/trojmhtredirh.html
