Here's a weird one: My Norton Internet Security burped tonight, having intercepted the above attack. So far, so good. The weird thing is, it was FROM my IP (192.168.0.7) TO someone else (216.x.x.x).
I clicked the 'more information' button, which leads to symantec's web site, which gives a list of the virus profiles... and this virus is NOT ON IT!
A search of their entire site for the above-named signature came up empty; there is a Welchia WORM (4 variants)... I ran the worm removal and it came up empty.
My liveupdate is up to date; I update it every day and run a scan every night.
Weird? Has anyone else seen this? As I said, it's way OT, but this is the best collection of brain power I know...
EDIT: Finally found something via google: This is a false positive; a virus signiture update sometime around the end of March put this bug in. Near as I can tell, it's caused by Yahoo messenger doing a ping of the Yahoo site. This pings looks like an attack to NIS. Hopefully Symantec will fix this shortly.
I gather no-one else has this problem!
I clicked the 'more information' button, which leads to symantec's web site, which gives a list of the virus profiles... and this virus is NOT ON IT!
A search of their entire site for the above-named signature came up empty; there is a Welchia WORM (4 variants)... I ran the worm removal and it came up empty.
My liveupdate is up to date; I update it every day and run a scan every night.
Weird? Has anyone else seen this? As I said, it's way OT, but this is the best collection of brain power I know...
EDIT: Finally found something via google: This is a false positive; a virus signiture update sometime around the end of March put this bug in. Near as I can tell, it's caused by Yahoo messenger doing a ping of the Yahoo site. This pings looks like an attack to NIS. Hopefully Symantec will fix this shortly.
I gather no-one else has this problem!