Full Disclosure mailing list archives

Re: New Worm in the wild

From: "r1an" <r1an () hush ai>
Date: Tue, 19 Aug 2003 08:09:53 -0700

The ICMP traffic is probably Nachi/Welchia/Blaster.D.  As for the email
attachments, take your pick. We have several daily specials: Sobig.F
is very popular, the Yaha.P is fresh, and the kids love Dumaru.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.D
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_YAHA.P
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru () mm html

On Tue, 19 Aug 2003 07:30:17 -0700 dbtrino2 () hush com wrote:

we see a lot of ping traffic and have a lot of users who report
of mails with attachements ~74KB which have not been send by the 'sender'.

Anyone can confirm this?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

New Worm in the wild dbtrino2 (Aug 19)
- Re: New Worm in the wild Andreas Gietl (Aug 19)
- Re: New Worm in the wild Andy (Aug 19)
- Re: New Worm in the wild Michael Mueller (Aug 19)
- Re: New Worm in the wild martin f krafft (Aug 19)
  - New Worm in the wild Geo. (Aug 19)
  - Re: Re: New Worm in the wild CHeeKY (Aug 19)
- <Possible follow-ups>
- RE: New Worm in the wild Johnson, Mark (Aug 19)
- Re: New Worm in the wild r1an (Aug 19)
- RE: New Worm in the wild Rainer Gerhards (Aug 19)