myNetWatchman KnowledgeBase
Pooling knowledge to
secure the internet.
|
 |
Protocol: TCP
Port: 139
Description: NetBIOS Session
NetBIOS Session probes are used to determine whether the target system has
open networking "shares". This is likely one of the most prevalent
vulnerabilities, since many Internet users establish home networks by turning
on Microsoft File and Print Sharing but do not establish passwords on their
shares. Based on our analysis of infection rates of the QaZ
worm, we estimate that 1-3% of all Internet users have unprotected file shares.
2003-03-10: Nebiwo Worm detected
During March 2003 myNetWatchman trending indicated a substantial increase in tcp/139 probing.
Forensic analysis of several sources of this activity identified the Nebiwo worm as (at least)
one of the causes. This worm is a serious threat as it also cause the propagation of
DDoS clients such as Litmus and SDbot.
See: Nebiwo
|
