The Web    Google
8/3: Scaner-A Worm Uses Port 445

8/3: Scaner-A Worm Uses Port 445
August 3, 2004

W32/Scaner-A is a worm that exploits the LSASS vulnerability detailed in MS04-011.

The worm connects to a randomly-generated IP addresses on port 445 and uses the LSASS vulnerability to execute code on the remote computer. This code attempts to download a file from a preconfigured web server and execute it. During tests, this web server was not responding.

W32/Scaner-A may report its progress to the author via HTTP POST submissions.

  • IE Vulnerability Flagged
  • Teen Held For Allegedly Swiping Code
  • Linux Privilege Escalation Hole Detected
  • 1/18: Rbot-TS Worm Spreads to Weak Shares
  • 8/3: Scaner-A Worm Uses Port 445
  • 4/15: Kelvir-J an IM Worm
  • Vericept Adds Fraud, Identity Theft Protection
  • 2/28: Rbot-UC a Worm and Trojan
  • Gentoo 2005.0 All About Security
  • 10/20: Spybot-DF an IRC Backdoor Worm
  • Schumer Introduces No Spam Registry Bill
  • Security Camera Product