[60398] in North American Network Operators' Group
Re: RPC errors
daemon@ATHENA.MIT.EDU (william@elan.net)
Mon Aug 11 16:27:28 2003
Date: Mon, 11 Aug 2003 11:05:36 -0700 (PDT)
From: william@elan.net
To: NANOG <nanog@merit.edu>
In-Reply-To: <3F37F8A3.3050402@brightok.net>
Errors-To: owner-nanog-outgoing@merit.edu
The following came through dshield which warns about new worm:
---
To: dshieldannounce@dshield.org
Subject: [Dshieldannounce] likely RPC worm captured. Moving to infocon 'yellow'
We received a copy of a binary that very much looks
like an RPC worm. Preliminary info:
- scans for port 135 as soon as it starts
point)
more details will be posted at http://isc.sans.org as
they become available. Please submit code captures
and the like to 'handlers@sans.org'
--
SANS - Internet Storm Center
http://isc.sans.org
On Mon, 11 Aug 2003, Jack Bates wrote:
>
> I'm showing signs of an RPC sweep across one of my networks that's
> killing some XP machines (only XP confirmed). How wide spread is this at
> this time. Also, does anyone know if this is just generating a DOS
> symptom or if I should be looking for backdoors in these client systems?
>
> -Jack
