Full Disclosure mailing list archives
Re: New Worm in the wild
From: "r1an" <r1an () hush ai>
Date: Tue, 19 Aug 2003 08:09:53 -0700
The ICMP traffic is probably Nachi/Welchia/Blaster.D. As for the email attachments, take your pick. We have several daily specials: Sobig.F is very popular, the Yaha.P is fresh, and the kids love Dumaru. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.D http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_YAHA.P http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru () mm html On Tue, 19 Aug 2003 07:30:17 -0700 dbtrino2 () hush com wrote:
we see a lot of ping traffic and have a lot of users who report of mails with attachements ~74KB which have not been send by the 'sender'.
Anyone can confirm this? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New Worm in the wild dbtrino2 (Aug 19)
- Re: New Worm in the wild Andreas Gietl (Aug 19)
- Re: New Worm in the wild Andy (Aug 19)
- Re: New Worm in the wild Michael Mueller (Aug 19)
- Re: New Worm in the wild martin f krafft (Aug 19)
- New Worm in the wild Geo. (Aug 19)
- Re: Re: New Worm in the wild CHeeKY (Aug 19)
- <Possible follow-ups>
- RE: New Worm in the wild Johnson, Mark (Aug 19)
- Re: New Worm in the wild r1an (Aug 19)
- RE: New Worm in the wild Rainer Gerhards (Aug 19)