Re: Unicode worm?

[Jonathan Rickman <jonathan () xcorps net>]

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 21 Aug 2002, Kurt Seifried wrote:

> Make sure your servers are patched before they go online and if you're like
> me find someone nice to have dinner with and forget about it. There are much
> better things to do in life then worrying about the latest (or not so
> latest) windows worm.

I agree. It looks like someone has just whipped up a script to scan for
the vulnerability, possibly loosely based on the Nimda code. Not much to
be concerned with if you're patched. Not much you can really do about it
anyway. Lately, I've been just dropping all traffic from Korea and
surrounding areas. No offense to anyone, but it seems that anything
registered with APNIC should be under close scrutiny. Korean networks in
particular appear to be the armpit of the net. I have no need to
allow communication with them, so I just save myself the trouble and
filter it out.

- -- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQEVAwUBPWWVDDTwrX0N9QH/AQFFxQgA1W3HTWh8KBJV+3a1NE5PSSchbXCTrgos
DEngFxZYtsZyTvB9ssvMdMXG6jhGRZhYWjC5rbEOKzkDT2oTI8bN9HY/L6PRLaAx
UmY/Sd/hrA2fxZ8tta6IBWtXSbNntvP5uS5bZ/wYCB5TFE8RgW+04glQgTrQd/QW
ReGasW8xzvk3NaMzVISoos90aZrjjTP7CTt9y8PmH0gFzsRajt1Okzr7AyIYWM3o
GlIvWTUBrS4p3gUcW7pnDI39NPMmyE8pBe+yMYg9POnd7wyXsug/eswYEXQe8kDR
9x1Vuu6knqnnnyElBF8UNq96ZEFb79g74vNUIVylYKy0DZJ8ZReo/Q==
=e72P
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com