Full Disclosure mailing list archives
new worm traveling the net? (GNU/Linux)
From: Timo Schoeler <timo.schoeler () riscworks net>
Date: Mon, 19 Feb 2007 22:03:21 +0100
ahoy, a friend of mine contacted me because he saw lots of emails (60) to catchthismail () domain tld starting at about 5:00 am (US east coast time). so i checked our company's log files (about 300 users) and saw the same here starting at about 10:45am CET, ending at about 6pm, and about 40 emails of this in total. there was not pattern except the <catchthismail () domain tld> To: header; interestingly, scanning a few of those hosts immediately (dynamic assigned IP addresses) showed that it was GNU/Linux hosts. is this a new worm spreading or something already known? wbr, timo -- "Or what? You'll release the dogs? Or the bees? Or the dogs with bees in their mouths, and when they bark they shot bees at you?" (Homer J. Simpson) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- new worm traveling the net? (GNU/Linux) Timo Schoeler (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Michal Zalewski (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Timo Schoeler (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Timo Schoeler (Feb 19)
- Re: new worm traveling the net? (GNU/Linux) Przemyslaw Frasunek (Feb 20)
- Re: new worm traveling the net? (GNU/Linux) Michal Zalewski (Feb 19)