Re: TCP 445 Scan?

Maybe it's this new worm?

http://www.viruslist.com/eng/viruslist.html?id=59741

Worm.Win32.Randon

Randon is a Virus-Worm distributed via IRC-channels and LANs with shared resources.

When executed this worm installs its components into the subdirectory zxz and/or zx in the Windows system directory and registers its main file and the mIRC client in the Windows registry auto-run key (below):

HKLM\\Software\Microsoft\Windows\CurrentVersion\Run\updateWins

Randon then executes the above key and hides the process via the HideWIndows utility. Randon connects to the IRC-server and executes its scripts. In addition to DDoS attacks and IRC channel flooding, Randon scans port 445 of other IRC clients.

[snip]

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

At 01:25 PM 2/27/2003, Charles Hamby wrote:

>Morning/Afternoon All,

<Pre>Lose another weekend managing your IDS? Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> Received on Wed Mar 5 11:29:01 2003