Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: New virus, exploits, and old tricks. SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New virus, exploits, and old tricks.

We received several reports of strings in web server logs that looks like WebDav exploit code. A series of 02 1b 02 1b is the string is being reported.
We have not been able to get any packet captures of this if you get one please send it to us.

A new version of the Netsky virus, Netsky.c is making its rounds. It spreads via email and entices the user to open it with suggestive content.

We have received a report of ?missing email attachments? Johannes suggested: ?Due to a recent flood of new viruses, many organizations are re-evaluating their e-mail policy and as a result strip any attachment, not just attachments that are known to be viruses. ?

We have received more reports of the IPSWITCH imail ldap-exploit being seen in the wild. George Bakos offered ?If anyone wants full binary captures of this stuff in the wild, I've been seeing it in my various thp (tiny honey pot) hosts since 2/19.?

206 Posts
Feb 26th 2004

Sign Up for Free or Log In to start participating in the conversation!