
Thread: JS/Zerolin.gen increase ...?

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    171

    Question JS/Zerolin.gen increase ...?

    Hey everyone,

    Has anyone else noticed a huge increase of email with the JS/Zerolin exploit in them? We use GFI Mail Security for AV on our Exchange server, and over the last week or so, the number of messages inbound with Zerolin has increased about 400%.

    JS/Zerolin has been around for a while, so it is getting nailed, but it is starting to really clog up the works. Anyone else seeing this?

    Thanks!
    MrCoffee
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Some people are like Slinkys: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  2. #2
    Senior Member kr5kernel
    Join Date
    Mar 2004
    Posts
    347
    We run a pretty small operation (30 employees or so) and I have also noticed a huge increase in JS/Zerolin. It went from nonexistent to doubling every week and a half. Our number of portscans has also increased significantly. Stupid bad traffic.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    Yup, we are in the same boat. Less than 50 users here, and the portscans have also increased, though I never connected the two together until you mentioned it. Hmmm, time to comb through the log files, methinks.

    Thank you for your reply!

    Cheers!
    MrC

  4. #4
    Senior Member kr5kernel
    Join Date
    Mar 2004
    Posts
    347
    Something else you may want to check; who knows, maybe they are related...

    We have been having someone (multiple IPs) trying to ssh and guess passwords to accounts like "test", "admin", "nobody"; we get about 20 of those every 3 days. I figure it must be a worm, as the IPs are coming from all different places, and it seems like a pretty lowball attack if it was someone actually spoofing his IP.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.
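
The log review discussed in the posts above, as an added example that is not part of any participant's post: it groups failed SSH logins by account name and source address and reports the account names guessed from several unrelated addresses. It assumes OpenSSH syslog-format lines; the host name, addresses and log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Sep  3 04:12:09 gw sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 40112 ssh2
Sep  3 04:12:14 gw sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Sep  3 09:40:51 gw sshd[2377]: Failed password for nobody from 198.51.100.23 port 51234 ssh2
Sep  4 01:02:33 gw sshd[2950]: Failed password for illegal user test from 192.0.2.77 port 33001 ssh2
Sep  4 01:02:39 gw sshd[2952]: Failed password for illegal user admin from 192.0.2.77 port 33009 ssh2
Sep  5 17:20:10 gw sshd[3310]: Failed password for invalid user test from 198.51.100.23 port 51877 ssh2
Sep  5 17:25:42 gw sshd[3321]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Sep  5 17:25:50 gw sshd[3321]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
# The user group is greedy and the pattern is anchored at end of line, so the
# last " from <addr> port <n>" is the real source even if the (remote-supplied)
# username itself contains " from ...".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+(?: ssh\d)?\s*$"
)

def summarize(log_text):
    """Return ({user: set of source IPs}, {ip: set of users tried})."""
    by_user, by_ip = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            by_user[m["user"]].add(m["ip"])
            by_ip[m["ip"]].add(m["user"])
    return dict(by_user), dict(by_ip)

def distributed_targets(log_text, min_sources=2):
    """Account names with failed logins from at least min_sources distinct IPs.

    A mistyped password comes from one address; the same generic account
    name tried from unrelated addresses points to automated guessing.
    """
    by_user, _ = summarize(log_text)
    return sorted(u for u, ips in by_user.items() if len(ips) >= min_sources)

if __name__ == "__main__":
    by_user, by_ip = summarize(SAMPLE_LOG)
    for user in distributed_targets(SAMPLE_LOG):
        print(f"{user}: {len(by_user[user])} source IPs -> {sorted(by_user[user])}")
    for ip, users in sorted(by_ip.items()):
        print(f"{ip}: tried {sorted(users)}")
```
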

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    I will take a look. I found when this started, at least on my network, I was getting a couple hundred "ip spoof" hits in my firewall log, per day. The IP was one upstream at my ISP, but the MAC was always the same. It suddenly stopped about the time school started.... :O

    Cheers!
