Re: Web counter in the new Swen/Gibe.F worm

["B.K. DeLong" <bkdelong () pobox com>]

At 02:31 PM 9/18/2003 -0400, you wrote:
> Hi,
>
> Joe Stewart of Lurhq.com has made an interesting discovery about the new
> Swen/Gibe.F worm that started circulating today:  When the worm infects
> a new machine, it hits a Web counter.
>
> The URL of the counter is:
>
>
> http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006
>
> If this URL wraps in your email reader, here's a shorter version:
>
>    http://tinyurl.com/nufo
>
> At 2:30 EST, the counter is about 615,000.
>
> Here's a bit more about the worm:
>
>    http://news.com.com/2100-7349_3-5078696.html
>
> The server log entries for this counter might prove interesting to virus
> researchers.  These entries could provide data for a statistical study
> of computer worm transmissions.  Perhaps the Vutbr.cz Web site would be
> willing to go public with this information.

Is anyone storing sample virii somewhere for analysis? Or do we have to 
wait for it to show?


--
B.K. DeLong
bkdelong () pobox com
+1.617.797.2472

http://ocw.mit.edu                           Work.
http://www.brain-stream.com               Play.
http://www.the-leaky-cauldron.org        Potter.
http://www.city-of-doors.com               Sigil

PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html