We have now contacted the researcher who raised the original NT4 worm warning on the Full Disclosure security mailing list. The researcher, called Geo, said, "I know of six [NT4] systems infected so far. Two of them were not firewalled, and a third was but the third allowed access from the first two so it got infected through them. Another two had firewalls but allowed access from the third machine." "I have no idea how the 6th system was configured," Geo added.
However, Paul Vlissidis, head of penetration testing at security specialist NCC Group, said the Sans data could be caused by something other than an NT4 worm. "The increase in port 139 activity shown by Sans could be down to the release of a metasploit framework plug-in [hacker tool] for MS 06-040 which has then been picked up by botnet authors and herders. The most recent worms that seem to use this are W32.Wargbot and Randex.GEL." Vlissidis added that there are other worms targeting this port, and although there is no sign at the moment of a wave of attacks, he warned against complacency.