Educause Security Discussion mailing list archives
Son of Conficker?
From: David Gillett <gillettdavid () FHDA EDU>
Date: Tue, 31 Aug 2010 15:43:29 -0700
Yesterday I noticed that our DNS servers were forwarding resolution requests for domain names that reminded me of the ones the Conficker worm was generating about 18 months ago or so. (If I recall correctly, the Conficker domains were all in .cn whereas I believe this latest crop were all in .ru ...) So it should not have surprised me when today three of our campus servers began trying to establish CIFS connections (Win 2K/XP file sharing, TCP port 445) to addresses scattered across the Internet, presumably trying to spread some worm they've become infected with.... Is anyone else seeing this? David Gillett
Current thread:
- Summary Wi-Fi student administrative system SAD James Farr '05 (Aug 31)
- Son of Conficker? David Gillett (Aug 31)