
SANS ISC InfoSec Handlers Diary Blog



Skype worm

Published: 2006-12-18
Last Updated: 2006-12-18 23:54:28 UTC
by Toby Kohlenberg (Version: 2)
We are hearing some details of a new worm spreading via Skype IM. It appears to be using a custom (or at least unusual) packer, and the network traffic appears encrypted as well. Please send us any info you might have on it.

Thanks for the responses, we do know about the Websense blog post.
Keywords: IM Skype worm

ORDB Shutting down

Published: 2006-12-18
Last Updated: 2006-12-18 22:46:03 UTC
by Toby Kohlenberg (Version: 1)
The Open Relay DataBase announced today that they will be shutting down:
http://ordb.org/news/?id=38
Please don't send us rants on whether you loved or hated the ORDB; we have an automated tool for doing that. HOWEVER, if you are a mail admin and you have been using their database for your blacklist, you'll want to stop doing so. To quote the site:
"DNS and the mailing lists will vanish today, December 18, 2006. This website will vanish by December 31, 2006."



4242/TCP Activity is up

Published: 2006-12-18
Last Updated: 2006-12-18 19:47:48 UTC
by Toby Kohlenberg (Version: 1)
We've heard reports of lots of activity on port 4242/TCP recently. Is anyone else seeing this trend? If so, when did you start seeing it, and have you looked into its source or cause?