Cisco Support Community
New Member

New worm eating my network up

I don't know if this is the right forum for this problem, but I hope someone here can help. I have a new virus/worm spreading across my network. It will first ping random addresses in any known subnets and then try to attack port tcp 1433, tcp 2967, tcp 139. I have been sniffing one of the infected machines for the weekend, so I have lots of data to look at, but no one on the net seems to have a solution yet.

Thanks for your help

2 REPLIES
Blue

Re: New worm eating my network up

Sounds kind of like Win32/Nirbot Family.

More here:

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=61701

Tom

Gold

Re: New worm eating my network up

Possible botnet infection. The solution is very much dependent on your environment. If it were my network, I would shut down outbound desktop Internet connectivity until it was resolved. At the very least, analyze the infected host(s) and block connections to suspect external hosts (look for IRC/HTTP especially). Make sure all your MS SQL, Symantec, and Microsoft machines are patched. Find all the infected hosts and re-image with the now fully-patched image ;-)

See this link:

http://lists.sans.org/pipermail/unisog/2007-February/027085.html
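
An added example, not part of any reply above: one way to find infected hosts in a flow or sniffer export, using the behaviour described in the first post (ping sweep, then TCP 1433, 2967 and 139). The `src,dst,proto,dport` record format, the sample rows and the `min_targets` threshold are assumptions.

```python
import csv
import io
from collections import defaultdict

# TCP ports the original poster saw the worm attack.
WORM_PORTS = {1433, 2967, 139}

# Constructed sample export (assumed format: src,dst,proto,dport).
SAMPLE = """\
10.1.1.23,10.1.2.5,icmp,0
10.1.1.23,10.1.2.6,icmp,0
10.1.1.23,10.1.2.7,icmp,0
10.1.1.23,10.1.2.5,tcp,1433
10.1.1.23,10.1.2.6,tcp,2967
10.1.1.23,10.1.2.7,tcp,139
10.1.1.40,10.1.9.10,tcp,1433
10.1.1.40,10.1.9.10,tcp,1433
10.1.1.50,10.1.9.20,tcp,139
10.1.1.50,10.1.9.21,tcp,139
"""

def parse_flows(text):
    """Parse 'src,dst,proto,dport' lines; skip blank or malformed rows."""
    flows = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 4 or not row[3].strip().isdigit():
            continue
        src, dst, proto, dport = (f.strip() for f in row)
        flows.append((src, dst, proto.lower(), int(dport)))
    return flows

def find_suspects(flows, min_targets=3):
    """Return {src: sorted worm ports} for sources that both pinged and
    probed at least min_targets distinct addresses on the worm ports."""
    pinged = defaultdict(set)   # src -> addresses sent ICMP
    probed = defaultdict(set)   # src -> addresses hit on a worm port
    ports = defaultdict(set)    # src -> worm ports used
    for src, dst, proto, dport in flows:
        if proto == "icmp":
            pinged[src].add(dst)
        elif proto == "tcp" and dport in WORM_PORTS:
            probed[src].add(dst)
            ports[src].add(dport)
    return {src: sorted(ports[src]) for src in probed
            if len(probed[src] & pinged[src]) >= min_targets}

if __name__ == "__main__":
    print(find_suspects(parse_flows(SAMPLE)))
```

Requiring the ping and the port probe to hit the same addresses keeps a SQL client or file-share user that talks to one or two known servers out of the result.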
