We have now contacted the researcher who raised the original NT4 worm warning on the Full Disclosure security mailing list. Called Geo, the researcher said, "I know of six [NT4] systems infected so far. Two of them were not firewalled, and a third was, but the third allowed access from the first two so it got infected through them. Another two had firewalls but allowed access from the third machine." "I have no idea how the 6th system was configured," Geo added.
However, Paul Vlissidis, head of penetration testing at security specialist NCC Group, said the Sans data could be caused by something other than an NT4 worm. "The increase in port 139 activity shown by Sans could be down to the release of a Metasploit framework plug-in [hacker tool] for MS 06-040 which has then been picked up by botnet authors and herders. The most recent worms that seem to use this are W32.Wargbot and Randex.GEL." However, Vlissidis said there are other worms targeting this port, and although there is no sign at the moment of a wave of attacks, he warned against complacency.