
Worm uses MS04-007, MS05-017, MS05-039, MS06-040 bugs

Myantispyware team, August 31, 2006

For the past several days, ISC has received all kinds of emails about the recent increase in scanning on port 139. One of the loyal readers out there on the ‘Information SuperHighway’, Alex Pettinger, wrote in and gave us some netstat and fport output from one of his machines that seemed to be affected by the worm (as well as a nice copy of it). In typical antivirus fashion, it appears to be named several things: McAfee is calling it “W32/SDbot.worm!MS06-040”, Sophos is calling it “W32/Vanebot-A”, and Symantec is calling it “W32.Randex.GEL”. (Yes, it’s been out for a couple of days.)

Let’s take a look at this bad boy, shall we? How does it spread? Well, it uses MS04-007, MS05-017, MS05-039, and of course, our favorite bug of the moment, MS06-040.

This one should be relatively easy to catch. Look for machines pounding away over port 139 (from reader submissions it’s about 150 machines in just a few seconds, so it should be noisy), and look for IRC connections to “forum.ednet.es” over port 4915 (until the next variant changes it, and we know it will). It has the ability to do a bunch of things, including spreading to network shares.
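The two network indicators above (a burst of port-139 connections to many hosts, and an outbound session on port 4915) written as a log check. This is an added example, not code from ISC or the original post; the flow-record format, the IP addresses, the 5-second window and the 100-host threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque

SCAN_PORTS = {139}   # port the post says infected machines hammer
C2_PORT = 4915       # IRC port named in the post
WINDOW = 5.0         # seconds; assumed sliding window
THRESHOLD = 100      # distinct targets per window; assumed, set below the ~150 reported

def build_sample():
    """Constructed flow records in the assumed format 'epoch src dst dport'."""
    lines = [f"{1000 + i * 0.02:.2f} 10.0.0.23 192.168.1.{i} 139" for i in range(1, 151)]
    lines.append("1001.00 10.0.0.7 192.168.1.10 139")   # ordinary file-share client
    lines.append("1004.00 10.0.0.23 203.0.113.5 4915")  # outbound IRC-style session
    lines.append("1005.00 10.0.0.7 198.51.100.9 443")   # unrelated web traffic
    return sorted(lines, key=lambda l: float(l.split()[0]))

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return (scanners, c2_talkers) as sets of source IPs; input must be time-ordered."""
    recent = defaultdict(deque)                     # src -> (ts, dst) pairs in the window
    counts = defaultdict(lambda: defaultdict(int))  # src -> dst -> hits in the window
    scanners, c2_talkers = set(), set()
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                                # skip records without four fields
        ts, src, dst, dport = float(parts[0]), parts[1], parts[2], int(parts[3])
        if dport == C2_PORT:
            c2_talkers.add(src)
        if dport not in SCAN_PORTS:
            continue
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        while q and ts - q[0][0] > window:          # expire entries older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        if len(c) >= threshold:                     # many distinct targets in a few seconds
            scanners.add(src)
    return scanners, c2_talkers

if __name__ == "__main__":
    scanners, c2 = detect(build_sample())
    print("port-139 fan-out:", sorted(scanners))
    print("port-4915 sessions:", sorted(c2))
    print("both (highest confidence):", sorted(scanners & c2))
```

Flow records carry addresses rather than names, so matching the “forum.ednet.es” hostname itself would need DNS query logs alongside this check.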

To protect your PC, block ports 139 and 445 at the router/firewall. NetBIOS traffic shouldn’t be allowed to exit or enter your network from egress points anyway.

Update your antivirus. At least daily. Patch your Windows.

Thanks ISC


Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.
