-
Tedob1, I am sorry, I did not mean to imply you are a script kiddie. I have been around the board for quite a while but I only recently signed up. I read some of your posts before and I am well aware you are a respected member of the community.
From reading your first post in this thread I got the impression that you were unaware that there was (is) a tweaked version of this exploit and I wanted to point that out.
I did not want to put in the link because that would make it too easy for the skids to get at it, and I figured you would be able to find it yourself. I just wanted to share some knowledge. I think I should have made it clearer in my first post in this thread.
And for the shutdown thing, I have seen it happen right in front of me too. I believe there are quite some different versions of the exploit around.
Miscommunication leads to complications.
-
tftp listens on port 69; AdSubtract proxy and this worm listen on 4444.
-
Just to wrap things up, www.incidents.org is, I have found, always a good place to look when you suspect a new worm may be on the loose (or a place to check back with). Since they receive reports from so many different places, they tend to see trends faster and are usually a couple of days ahead of the curve in announcing things like this.
Also note that when they find a worm, they continuously update the web page as they learn more (if you look at it now, it is substantially different than when I first posted the link).
/nebulus
-
On a side note, about a month ago I wrote a tutorial concerning this topic. You might find it useful: http://www.antionline.com/showthread...&postid=644317
-
O.K.,
Here's my story.
I patched all the machines with an outside connection (proxies etc.).
What happened next has taken me all day to clear.
Someone has connected in to my VelociRaptor and into a terminal server.
They were infected with some bugger of a bit of code which IP scans the range they are assigned dynamically.
It then opens the exploit and downloads a copy of itself to that machine and the process starts again.
It's everywhere and the sentries are doing overtime dealing with port requests.
-
Wow, I haven't been here since January and the constant arguing and newbie machoness haven't changed. Oh well.
-