|
Written by Matt Jonkman
|
|
Tuesday, 18 March 2008 |
|
Bit of a funny one today. Win32.Philis is a regular old worm/trojan. http://vil.nai.com/vil/content/v_141203.htm We caught a Win32.Philis.J and it does local probing to spread. I uses an ICMP request with the payload "Hello, World". Rather unique of course. Sig 2008017 is out there to catch it. You'll notive it's any to any. That's because the pinging will mostly be local to loca, but it'll be interesting to see if any of these come in at you from the outside. Thought this an intereseting one worth noting here. Some days it's nice to see the bad guys giving us an easy one. If you're listening, thanks! Matt
|
|
Last Updated ( Tuesday, 18 March 2008 )
|
