
SANS ISC InfoSec Handlers Diary Blog



Another wave of virus / New Gaobot / HP Web JetAdmin Vulnerability exploitation

Published: 2004-04-28
Last Updated: 2004-04-28 22:54:54 UTC
by Pedro Bueno (Version: 1)

W32.Gaobot.AFJ

An update on yesterday's diary entry, "Phatbot exploiting LSASS":
the binary was identified today by Symantec's beta virus definitions as
W32.Gaobot.AFJ.


This is not the end: we received information about yet another variant that is not identified by these beta virus definitions. As reported in previous diaries, the source code of the worm is available in the underground, and a continuing stream of more controlled and more dangerous versions is expected.




Bagle.aa/Beagle.X and Netsky.AB in the wild

A new version of the Beagle worm was discovered today. Besides the common
behavior of spreading itself by file-sharing and email, this version also opens a
backdoor on port 2535.
The newest version of Netsky (Netsky.AB) is also reported to
be in the wild.
At this time, some of the major AV companies have already updated their virus
definition files to detect both of them.
References:
http://www.sarc.com/avcenter/venc/data/w32.beagle.x@mm.html
http://www.sarc.com/avcenter/venc/data/w32.netsky.ab@mm.html
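
To check a host for the port 2535 backdoor mentioned above, the following sketch (an added example, not part of the original diary) classifies the sockets shown by `netstat -an`. The function names, the constructed sample output and the Windows column layout are assumptions; the diary does not state the protocol, so both TCP and UDP rows are examined.

```python
BACKDOOR_PORT = 2535  # port named in the diary; the protocol is not stated there

# Constructed sample in Windows `netstat -an` layout (documentation addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2535           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:2535        198.51.100.7:4311      ESTABLISHED
  TCP    192.0.2.10:1045        203.0.113.9:2535       SYN_SENT
  UDP    0.0.0.0:445            *:*
"""


def parse_netstat(text):
    """Yield (proto, local_ep, local_port, remote_ep, remote_port, state)."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].upper() not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated output
        if ":" not in f[1] or ":" not in f[2]:
            continue
        lport = f[1].rsplit(":", 1)[1]   # rsplit keeps IPv6 literals intact
        rport = f[2].rsplit(":", 1)[1]
        state = f[3].upper() if len(f) > 3 else ""
        yield f[0].upper(), f[1], lport, f[2], rport, state


def find_port_activity(text, port=BACKDOOR_PORT):
    """Return (kind, proto, local, remote) tuples for sockets touching `port`."""
    rows = list(parse_netstat(text))
    p = str(port)
    has_listener = any(r[0] == "TCP" and r[2] == p and r[5] == "LISTENING" for r in rows)
    findings = []
    for proto, local, lport, remote, rport, state in rows:
        if lport == p and proto == "UDP":
            kind = "udp-bound"            # UDP has no state column; review by hand
        elif lport == p and state == "LISTENING":
            kind = "listener"             # something is accepting connections here
        elif lport == p:
            # Without a listener this is most likely a client socket that was
            # handed 2535 as its ephemeral source port, not the backdoor.
            kind = "inbound-session" if has_listener else "ephemeral-source-port"
        elif rport == p:
            kind = "outbound-to-port"     # this host is contacting port 2535 elsewhere
        else:
            continue
        findings.append((kind, proto, local, remote))
    return findings


if __name__ == "__main__":
    for finding in find_port_activity(SAMPLE):
        print(*finding)
```

A "listener" finding only says that something is bound to the port; confirm the owning process and scan with updated definitions before drawing a conclusion.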

HP Web JetAdmin vulnerability exploitation

We received a report about exploitation of the HP Web JetAdmin vulnerability that was posted to the Bugtraq mailing list.
This vulnerability affects version 6.5. Also, versions 6.2 and 7.0 are partially affected.
Reference: http://www.securityfocus.com/archive/1/361535/2004-04-24/2004-04-30/0

-------------------------------------------------

Handler on duty: Pedro Bueno (bueno_AT_ieee.org)