[53018] in North American Network Operators' Group
Odd behavior
daemon@ATHENA.MIT.EDU (Joe)
Sat Oct 26 20:24:50 2002
From: "Joe" <joej@rocknyou.com>
To: <nanog@merit.edu>
Date: Sat, 26 Oct 2002 20:24:22 -0400
Errors-To: owner-nanog-outgoing@merit.edu
Anyone noticing an increase in the amount of port 137 scans?
I've seen just just over 100 in the last 1 hour. When I probe the offender
I see them as MS items with their Harddrives shared wide open.
Only thing in common is they all appear to have some file called put.ini in
their root directory with a line that looks to be from a win.ini and states
brasil.pif or exe. Maybe some new virus?
Well heads up.
Cheers
-Joe
