04-02-2007 07:34 AM - edited 03-10-2019 03:32 AM
I dont know if this is the right forum for this problem but I hope someone here can help. I have a new virus/worm spreading across my network. It will first ping random addresses in any known subnets and then try to attack port tcp 1433, tcp 2967, tcp 139. I have been sniffing one of the infected machines for the weekend so I have lots of data to look at but no one on the net seems to have a solution yet.
Thanks for your help
04-02-2007 09:09 AM
Sounds kind of like Win32/Nirbot Family.
More here:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61701
Tom
04-02-2007 09:10 AM
possible botnet infection. The solution is very much dependent on your environment. If it were my network, I would shutdown outbound desktop Internet connectivity until it was resolved. At the very least, analyze the infected host(s) and block connections to suspect external hosts(look for IRC/HTTP especially). make sure all your MS SQL, Symantec, and Microsoft machines are patched. find all the infected hosts and re-image with the now fully-patched image;-)
see this link:
http://lists.sans.org/pipermail/unisog/2007-February/027085.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide