Full Disclosure mailing list archives

Re: Red Bull Worm

From: Valdis.Kletnieks () vt edu
Date: Thu, 07 Aug 2003 13:33:54 -0400

On Thu, 07 Aug 2003 11:47:48 CDT, Brian Eckman <eckman () umn edu>  said:

Pardon me if I am just plain ignorant, but where is this worm, and how 
on earth is it "more effective than Code Red ever was" already if nobody 
is talking about it? The only evidence of a worm I have seen is one 
person showing comments supposedly from source code of some program 
calling itself a worm...


The monitors at www.dshield.org *are* showing a slight rise in port 445 and 135
events, and there's been a lot of chatter about widespread exploits.  On the
other hand, I've not seen any firm evidence it's made the jump from "scanner/
exploit tool" to worm - there's certainly no CodeRed-sized spike in the
monitors (*YET* - if the worm has a slow first-phase deployment, things could
get interesting later this week)..

Attachment: _bin
Description:

Current thread:

DCOM Worm/scanner/autorooter !!! Stephen (Aug 07)
- Red Bull Worm Joel R. Helgeson (Aug 07)
  - Re: Red Bull Worm Berend-Jan Wever (Aug 07)
    - Re: Red Bull Worm CHeeKY (Aug 07)
    - RE: Red Bull Worm gml (Aug 07)
  - Re: Red Bull Worm Brian Eckman (Aug 07)
    - Re: Red Bull Worm Valdis . Kletnieks (Aug 07)
    - Re: Red Bull Worm Joel R. Helgeson (Aug 07)
    - Re: Red Bull Worm Brian Eckman (Aug 07)
  - RE: Red Bull Worm Adam (Aug 07)
    - Re: Red Bull Worm KF (Aug 07)
- Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 07)
  - RE: DCOM Worm/scanner/autorooter !!! Warren Rees (Aug 08)
- <Possible follow-ups>
- Re: DCOM Worm/scanner/autorooter !!! roman . kunz (Aug 08)
  - Re: DCOM Worm/scanner/autorooter !!! Joey (Aug 10)
    - Re: DCOM Worm/scanner/autorooter !!! Stephen (Aug 10)