Security Incidents mailing list archives

RE: (Moderator Note) Re: Anyome else seeing a rise in Mydoom Virusesover email?


From: "Cavey, Jean-Luc" <jlcavey () kpmg com>
Date: Wed, 28 Jan 2004 18:35:52 +0100

The site of SCO has not been pingable for hours.

I assume that they are in the process of changing their IP address, as the White
House did with CodeRed 1.

Jean-Luc Cavey
France

-----Original Message-----
From: falcon () secureconsulting net [mailto:falcon () secureconsulting net]
Sent: Wednesday, 28 January 2004 15:38
To: incidents () securityfocus com
Subject: RE: (Moderator Note) Re: Anyome else seeing a rise in Mydoom Virusesover email?


Just an fyi to the list...some (most? all?) groups have been unable to
verify that a DDoS against SCO actually launches (possibly faulty code).
Furthermore, the DDoS routing seems to have a date-based routing limiting
it to activity between Feb 1-12.  Therefore, sigs aimed at monitoring for
port 80 attempts to www.sco.com may not be terribly effective for catching
infected hosts.

Instead of monitoring for www.sco.com, it looks like monitoring for DNS
queries for hardcoded sites, or monitoring for port 25 traffic to the same
sites, might be more appropriate.




