Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


[Dshieldannounce] Rapid increase in port 3127 scans
.

  • To: [EMAIL PROTECTED]
  • Subject: [Dshieldannounce] Rapid increase in port 3127 scans
  • From: "Johannes B. Ullrich" <[EMAIL PROTECTED]>
  • Date: Wed, 28 Jan 2004 16:17:59 -0500
  • Old-received: (qmail 15641 invoked from network); 28 Jan 2004 21:18:02 -0000
  • Old-received: from mail.euclidian.com (68.166.125.210) by 0 with SMTP; 28 Jan 2004 21:18:02 -0000
  • Old-received: (qmail 14408 invoked from network); 28 Jan 2004 21:18:02 -0000
  • Old-received: from (HELO bartdocked.lan) () by 0 with SMTP; 28 Jan 2004 21:18:02 -0000
  • Old-x-envelope-to: [EMAIL PROTECTED]
  • Organization: SANS Institute - Internet Storm Center
  • Reply-to: [EMAIL PROTECTED]
  • Sender: [EMAIL PROTECTED]
.
 
Today, we observed a rapid increase in port 3127 scans. This is likely
an attempt to find, and possibly exploit, hosts infected with
MyDoom/Novarg.

At this point, the purpose of these scans is not yet clear, but it is
likely, that the goal is to install additional malware.


If you find a MyDoom/Novarg infected host, please take extra steps to
ensure that no additional malware is present on this host. The standard
MyDoom/Novarg removal procedures will only remove the Virus, not any
additional malware that may have been installed via the backdoor.


-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          [EMAIL PROTECTED] 

contact details: http://johannes.homepc.org/contact.htm

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Dshieldannounce mailing list
[EMAIL PROTECTED]
http://www.dshield.org/mailman/listinfo/dshieldannounce
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.