Educause Security Discussion mailing list archives

Re: Mydoom.B in Higher Ed

From: "Rodrigues, Philip" <phil.rodrigues () UCONN EDU>
Date: Thu, 29 Jan 2004 17:58:38 -0500

I agree that MyDoom.B does not appear to have the same impact MyDoom.A does.  Symantec classifies it as a "category 2" 
virus, which are usually too minor to necessitate emergency attention - at least around here.

Here is a graph of the number of email viruses our main mail servers have been stripping in each 30-minute reporting 
period over the last week.  We continue to receive between two and three thousand MyDoom.A messages an hour.  The graph 
nicely displays the new threshold for virus activity set by MyDoom.A - it used to be that a few hundred viruses an hour 
was considered a major outbreak:

http://turkey.uits.uconn.edu/~viruscount/images/viruscount-large.png
(Remember those numbers are per 30 minutes)

Wonder if this has set the new bar for incoming viruses in the same way Code Red (then Blaster) set the new bar for 
incoming scans?

Phil

-----Original Message-----
From:   The EDUCAUSE Security Discussion Group Listserv on behalf of Paul Russell
Sent:   Thu 1/29/2004 5:48 PM
To:     SECURITY () LISTSERV EDUCAUSE EDU
Cc:     
Subject:        Re: [SECURITY] Mydoom.B in Higher Ed
Marty Hoag wrote:

   Have the rest of you been getting hit with mydoom.b?
We have the latest signatures from McAfee on our e-mail
anti-virus scanners. We are still seeing thousands of
mydoom getting dropped but no mydoom-b. I wondered if
McAfee or mailscan (I'm not really familiar with all
the pieces) is just reporting both as mydoom or if our
domains are being ignored for some reason (that would
be ok too ;-).


McAfee has mydoom.b classified as "low profile". Apparently, it is very low
profile, because McAfee uvscan on our central mail servers has not detected
a single copy of mydoom.b in the last two days.

It appears that the original mydoom outbreak may be fading fast. Yesterday, our
central mail servers detected nearly 17,000 copies of the original mydoom virus.
So far today, they have detected only 348 copies of the original mydoom virus.
On the other hand, we are still seeing about 1000 copies of mydoom.a per hour.
We saw about 10,000 copies of mydoom.a yesterday, and have seen about 16,000
copies today.

--
Paul Russell
Senior Systems Administrator
University of Notre Dame


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.




**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Mydoom.B in Higher Ed Marty Hoag (Jan 29)
- <Possible follow-ups>
- Re: Mydoom.B in Higher Ed Paul Russell (Jan 29)
- Re: Mydoom.B in Higher Ed Rodrigues, Philip (Jan 29)
- Re: Mydoom.B in Higher Ed James Morris (Jan 29)
- Re: Mydoom.B in Higher Ed Tenglund, Ann (Jan 29)