Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Another wave of virus / New Gaobot / HP Web JetAdmin Vulnerability exploitation SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Another wave of virus / New Gaobot / HP Web JetAdmin Vulnerability exploitation


Some news about yesterdays diary about "Phatbot exploiting LSASS".
The binary was identified today by Symantec beta virus definition as

This is the not the end...we received information about another yet variation that is not identified by this beta virus defs. As reported in previous diaries, the source code of the worm is available on the underground, and continuous and more controlled / dangerous versions are expected.

Bagle.aa/Beagle.X and Netsky.AB on the wild

A new version of the Beagle worm was discovered today. Besides the common
behavior of spreading itself by file-sharing and email, this version also opens a
backdoor on port 2535.
Also, versions of the newest version of Netsky (Netsky.AB) is reported to
be on the wild.
At this time, some of the major AV companies already have updated the virus
definitions file that allows the detection of them.

HP Web JetAdmin vulnerability exploitation

We received a report about the exploitation of the HP Web JetAdmin vulnerability posted at the Bugtraq mailing list.
This vulnerability affects version 6.5. Also, versions 6.2 and 7.0 are partially affected.


Handler on duty: Pedro Bueno (

155 Posts
ISC Handler
Apr 28th 2004

Sign Up for Free or Log In to start participating in the conversation!