
SANS ISC: InfoSec Handlers Diary Blog



Power Outage Impact - Nachia Worm - Sobig F

Published: 2003-08-20
Last Updated: 2003-08-20 17:53:29 UTC
by Handlers (Version: 1)
Power Outage

Renesys published a very interesting paper detailing the impact of the power outage on connectivity in the North East.

http://www.renesys.com/news/index.html

Nachia Worm

The Nachia worm is still spreading fast. While this worm is frequently referred to as a 'good worm', it should be noted that its impact is worse than that of 'Blaster'. While this worm cleans up Blaster-infected machines, it causes network disruption due to its aggressive pinging. Also note that this virus will install a back door and will scan for machines that are vulnerable to the WebDav IIS exploit. In this respect, this worm may just remove the Blaster virus to protect itself, like many 'auto rooters' do.

Sobig F

Despite the best efforts of system admins worldwide, users are still clicking on e-mail attachments. We strongly recommend attachment stripping on mail gateways. Please note that the 'From' address is spoofed. Do not send auto replies to senders, as this will just worsen the email flood caused by Sobig F. Like other Sobig variants, this one includes the ability to update the worm remotely, backdoors and a full set of other evilness.
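
One way a gateway filter could implement the attachment stripping recommended above, as an added example that is not part of the original diary. The extension blocklist, the `X-Attachment-Stripped` header name and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed blocklist of executable extensions; tune for your own gateway.
BLOCKED_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".lnk")

def is_blocked(part):
    # Normalise so "details.txt.PIF" and "details.pif. " are both caught.
    name = (part.get_filename() or "").lower().rstrip(". ")
    return name.endswith(BLOCKED_EXT)

def strip_attachments(raw):
    """Parse raw RFC 5322 text; return (cleaned message, removed filenames)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    def prune(container):
        if not container.is_multipart():
            return
        kept = []
        for part in container.get_payload():
            if is_blocked(part):
                removed.append(part.get_filename())
            else:
                prune(part)          # descend into nested multiparts
                kept.append(part)
        container.set_payload(kept)
    if not msg.is_multipart() and is_blocked(msg):
        # Whole message is one blocked attachment: replace the body.
        removed.append(msg.get_filename())
        msg.set_content("[attachment removed by mail gateway]")
    prune(msg)
    if removed:
        # Tag for the recipient and for logs. No notice goes to the From
        # address: it is spoofed, so a reply would hit an uninvolved party.
        msg["X-Attachment-Stripped"] = ", ".join(removed)
    return msg, removed

def sample_message():
    """Constructed sample: one blocked and one harmless attachment."""
    m = EmailMessage()
    m["From"] = "spoofed@example.com"
    m["To"] = "user@example.org"
    m.set_content("See the attached file for details")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="details.txt.PIF")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_string()
```

Matching on the normalised file name catches double extensions and trailing dots, but it does not inspect content, so it complements a virus scanner on the gateway and does not replace one.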
