[nsp-sec] new storm worm campaign - april fool's day

Gabriel Iovino giovino at ren-isac.net
Mon Mar 31 16:16:51 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We will send notifications to the following:

186     | 136.242.140.162  | 28145           | CUA-AS - The Catholic
University of America
237     | 198.109.51.252   | 20309           | MERIT-AS-14 - Merit
Network Inc.
1767    | 199.8.28.5       | 24654           | ILIGHT-NET - Indiana
Higher Education Telecommunication System
2381    | 138.74.50.183    | 10964           | WISCNET1-AS - University
of Wisconsin-Madison
2897    | 167.198.97.231   | 22312           | GEORGIA-1 - State of
Georgia (DOAS)
11686   | 165.138.254.1    | 28235           | ENA - Education Networks
of America
11686   | 165.139.64.181   | 26807           | ENA - Education Networks
of America
16473   | 206.23.59.183    | 11547           | TNII - Bell South


Thank you

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630

Jose Nazario wrote:
| ----------- nsp-security Confidential --------
|
|
|
| ------------------------------------------------------------------------
|
| same MO as before, with april fool's day campaign.
|
| funny.exe, kickme.exe and foolsday.exe
|
| same MD5 for all when fetched at the same time
|
| new peerlist, decoded and attached.
|
| -------------------------------------------------------------
| jose nazario, ph.d.     <jose at arbor.net>
| security researcher, office of the CTO,  arbor networks
| v: (734) 821 1427           http://asert.arbornetworks.com/
|
|
| ------------------------------------------------------------------------
|
|
|
| _______________________________________________
| nsp-security mailing list
| nsp-security at puck.nether.net
| https://puck.nether.net/mailman/listinfo/nsp-security
|
| Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
| community. Confidentiality is essential for effective Internet
security counter-measures.
| _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkfxRrMACgkQwqygxIz+pTs/gACeK3+8S41xvQZ9L2JubfnMorVg
proAn2tYjnInXnSFunTLU1VyklwxVYoQ
=qCH5
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list