[Snort-sigs] New LSASS Worm?

Wiryanto Victor wiryanto.victor at ...2983...
Thu Feb 3 01:49:24 EST 2005


Hello,

I know this is slightly off-topic, but I am really desperate for a clue.

For the past two days, I have been detecting heaps of traffic activities
made to  66.250.45.20, 147.32.123.94, 147.83.113.190 and 152.7.64.152.
This is happenning to some of my hosts (Windows 2000) which were not patched
up with MS04-011 vulnerabilities. These hosts, not only making connections
to TCP port 5190 of these networks, but also trying to spread via TCP port
445 to other Windows 2000/XP machines on the network.

I have tried everything I could do at these host, such as, installing latest
virus definition, and scanned them in safe mode, but the anti virus (McAfee)
is not able to detect any viruses nor worms. I end up manually re-route all
the traffic going to these network at the router's end.

Is there anybody who's having the same problem as me? Any help or
enlightment would be appreciated.

Thanks,





More information about the Snort-sigs mailing list