The Web    Google
8/3: Scaner-A Worm Uses Port 445

8/3: Scaner-A Worm Uses Port 445
August 3, 2004

W32/Scaner-A is a worm that exploits the LSASS vulnerability detailed in MS04-011.

The worm connects to a randomly-generated IP addresses on port 445 and uses the LSASS vulnerability to execute code on the remote computer. This code attempts to download a file from a preconfigured web server and execute it. During tests, this web server was not responding.

W32/Scaner-A may report its progress to the author via HTTP POST submissions.

  • MARID Floats Sender ID Compromise
  • 12/30: Troj/Agent-FO Downloads Files
  • FTC Publishes Web Site on Fraud Cases
  • 7/28: Downloader-NE.dr a New Trojan
  • 7/16: Rbot-DP Trojan Has Spreading Capability
  • 2/17: Rbot-WB Worm Has Trojan Functions
  • A Spec to Spike Spam?
  • 3/21: Sumon-C an IM and P2P Worm
  • 11/23: Backdoor.Sdbot.AH a Network-Aware Worm
  • 6/14: Dansh.worm!irc an IRC Bot
  • 10/28: Agobot-NU a Worm and Backdoor
  • Security Camera Companies and products