nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: in case nobody else noticed it, there was a mail worm released today

From: Mike Tancsa <mike () sentex net>
Date: Mon, 26 Jan 2004 21:00:40 -0500


We are seeing 2 wide spread worms right now, mydoom and dumaru.*

NAI has info at

http://vil.nai.com/vil/content/v_100983.htm

and

http://vil.nai.com/vil/content/v_100980.htm
They rate of it is quite surprising. By the description, the trick / method of infection does not seem all that different than past worms viri. Makes me wonder how many people in a room would reach into their purse/pocket on hearing, "Wallet inspector" 

        ---Mike


At 08:52 PM 26/01/2004, Paul Vixie wrote:


my copies (500 or so, before i filtered) are in a ~7MB gzip'd mailbox file
called http://sa.vix.com/~vixie/mailworm.mbox.gz (plz don't fetch that unless
you need it for comparison or analysis).  there's a high degree of splay in
the smtp/tcp peer address, and the sender is prepared to try backup MX's if
the primary rejects it, though it appears to try the MX's in priority order.
Previous By Date Next
Previous By Thread Next

Current thread: