Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog - New virus, exploits, and old tricks. InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New virus, exploits, and old tricks.

Published: 2004-02-25
Last Updated: 2004-02-26 02:54:51 UTC
by donald smith (Version: 1)
0 comment(s)

We received several reports of strings in web server logs that looks like WebDav exploit code. A series of 02 1b 02 1b is the string is being reported.
We have not been able to get any packet captures of this if you get one please send it to us.

A new version of the Netsky virus, Netsky.c is making its rounds. http://vil.nai.com/vil/content/v_101048.htm. It spreads via email and entices the user to open it with suggestive content.

We have received a report of ?missing email attachments? Johannes suggested: ?Due to a recent flood of new viruses, many organizations are re-evaluating their e-mail policy and as a result strip any attachment, not just attachments that are known to be viruses. ?

We have received more reports of the IPSWITCH imail ldap-exploit being seen in the wild. George Bakos offered ?If anyone wants full binary captures of this stuff in the wild, I've been seeing it in my various thp (tiny honey pot) hosts since 2/19.?
Keywords:
0 comment(s)
Diary Archives