Full Disclosure mailing list archives
Re: Red Bull Worm
From: Valdis.Kletnieks () vt edu
Date: Thu, 07 Aug 2003 13:33:54 -0400
On Thu, 07 Aug 2003 11:47:48 CDT, Brian Eckman <eckman () umn edu> said:
Pardon me if I am just plain ignorant, but where is this worm, and how on earth is it "more effective than Code Red ever was" already if nobody is talking about it? The only evidence of a worm I have seen is one person showing comments supposedly from source code of some program calling itself a worm...
The monitors at www.dshield.org *are* showing a slight rise in port 445 and 135 events, and there's been a lot of chatter about widespread exploits. On the other hand, I've not seen any firm evidence it's made the jump from "scanner/ exploit tool" to worm - there's certainly no CodeRed-sized spike in the monitors (*YET* - if the worm has a slow first-phase deployment, things could get interesting later this week)..
Attachment:
_bin
Description:
Current thread:
- DCOM Worm/scanner/autorooter !!! Stephen (Aug 07)
- Red Bull Worm Joel R. Helgeson (Aug 07)
- Re: Red Bull Worm Berend-Jan Wever (Aug 07)
- Re: Red Bull Worm CHeeKY (Aug 07)
- RE: Red Bull Worm gml (Aug 07)
- Re: Red Bull Worm Brian Eckman (Aug 07)
- Re: Red Bull Worm Valdis . Kletnieks (Aug 07)
- Re: Red Bull Worm Joel R. Helgeson (Aug 07)
- Re: Red Bull Worm Brian Eckman (Aug 07)
- Re: Red Bull Worm Berend-Jan Wever (Aug 07)
- RE: Red Bull Worm Adam (Aug 07)
- Re: Red Bull Worm KF (Aug 07)
- Red Bull Worm Joel R. Helgeson (Aug 07)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 07)
- RE: DCOM Worm/scanner/autorooter !!! Warren Rees (Aug 08)
- <Possible follow-ups>
- Re: DCOM Worm/scanner/autorooter !!! roman . kunz (Aug 08)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 10)
- Re: DCOM Worm/scanner/autorooter !!! Stephen (Aug 10)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 10)