Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Another wave of virus / New Gaobot / HP Web JetAdmin Vulnerability exploitation - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another wave of virus / New Gaobot / HP Web JetAdmin Vulnerability exploitation

W32.Gaobot.AFJ

Some news about yesterdays diary about "Phatbot exploiting LSASS".
The binary was identified today by Symantec beta virus definition as
W32.Gaobot.AFJ.


This is the not the end...we received information about another yet variation that is not identified by this beta virus defs. As reported in previous diaries, the source code of the worm is available on the underground, and continuous and more controlled / dangerous versions are expected.




Bagle.aa/Beagle.X and Netsky.AB on the wild

A new version of the Beagle worm was discovered today. Besides the common
behavior of spreading itself by file-sharing and email, this version also opens a
backdoor on port 2535.
Also, versions of the newest version of Netsky (Netsky.AB) is reported to
be on the wild.
At this time, some of the major AV companies already have updated the virus
definitions file that allows the detection of them.
Reference: http://www.sarc.com/avcenter/venc/data/w32.beagle.x@mm.html

http://www.sarc.com/avcenter/venc/data/w32.netsky.ab@mm.html

HP Web JetAdmin vulnerability exploitation

We received a report about the exploitation of the HP Web JetAdmin vulnerability posted at the Bugtraq mailing list.
This vulnerability affects version 6.5. Also, versions 6.2 and 7.0 are partially affected.
Reference: http://www.securityfocus.com/archive/1/361535/2004-04-24/2004-04-30/0

-------------------------------------------------

Handler on duty: Pedro Bueno (bueno_AT_ieee.org)
Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!