Sortta OT: How do I see "Win32.Worm.Allaple.Gen" traffic in my Linux firewall?
Technomage
technomage.hawke at gmail.com
Thu May 20 01:28:58 MST 2010
On 5/19/10 5:44 PM, kitepilot at kitepilot.com wrote:
> Hello World:
> Long story short:
> I got an "official" notification that a computer behind my Linux
> firewall has the "Win32.Worm.Allaple.Gen" virus.
> I have some 150 puters NAT(ed) behind that firewall and no access
> whatsoever to any of them.
> Question is:
> What can I do at the Firewall level to identify the virus' traffic so
> I can harvest the puter's IP address...
> Thanks!
> ET
from
http://www.threatexpert.com/report.aspx?md5=732f8e67310a1de1c945948bda2512eb
***********
Summary of the findings:
What's been found:
A network-aware worm that uses known exploit(s) in order to replicate
across vulnerable networks.
MS04-012: DCOM RPC Overflow exploit - replication across TCP
135/139/445/593 (common for Blaster, Welchia, Spybot, Randex, other IRC
Bots).
Contains characteristics of an identified security risk.
***********
More information about the PLUG-discuss
mailing list