Jump to content


Photo

Port 135 Traffic Increase Due To Bobax.C

Started by AplusWebMaster , May 20 2004 04:19 PM

  • Please log in to reply
No replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 20 May 2004 - 04:19 PM

FYI...from the Internet Storm Center:

- http://isc.sans.org/...date=2004-05-20
"A third Bobox variant has been discovered that now uses the RPC/DCOM vulnerability on TCP port 135 in addition to the existing probes on TCP ports 445 and 5000. The DCOM exploit code in Bobax.C contains offsets for both Windows 2000 and Windows XP so Bobax.C can now infect both of these OSes where Bobax.[AB] could only infect Windows XP."

>>> http://isc.sans.org/...ls.php?port=135 (see "Sources" spike - to 550K)
:(
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Back to Security Warnings


  1. SpywareInfo Forum
  2. General Computing Issues
  3. Security Warnings
  4. Privacy Policy
Member of ASAP and UNITE
Support SpywareInfo Forum - click the button