[Full-Disclosure] New variant of Nachi ?
KF
dotslash at snosoft.com
Wed Oct 29 11:54:10 GMT 2003
Awan, Farrukh (OCTO) wrote:
> Has any body detected a new variant of the Nachi worm infecting
> machines not patched with MS03-039. I couldn't find any details on it
> propagation except once a host is infected, it attempts to propagate
> via SMB over TCP (port 445). Any details on exploit code /payload...
>
>
> Best Regards;
>
> Farrukh Awan
>
> (202) -727-8856 (Office)
>
>
>
> **
>
>
https://gtoc.iss.net/issEn/delivery/gtoc/index.jsp
hreat Forecast
Our analysts are aware of a worm actively exploiting flaws addressed
under Microsoft Security Bulletin MS03-026 and MS03-039. This worm
activity is consistent with a variation of the Nachi or LovSan worms.
Once a host is infected, it will attempt to propagate outbound via port 445.
-KF
Full-Disclosure is hosted and sponsored by Secunia.