Security Incidents mailing list archives
RE: (Moderator Note) Re: Anyome else seeing a rise in Mydoom Virusesover email?
From: "Cavey, Jean-Luc" <jlcavey () kpmg com>
Date: Wed, 28 Jan 2004 18:35:52 +0100
The site of SCO his not pingable since hours. I assume that they are in the process to change their IP address as White House did with CodeRed 1 Jean-Luc Cavey France
-----Message d'origine----- De : falcon () secureconsulting net [mailto:falcon () secureconsulting net] Envoyé : mercredi 28 janvier 2004 15:38 À : incidents () securityfocus com Objet : RE: (Moderator Note) Re: Anyome else seeing a rise in Mydoom Virusesover email? Just an fyi to the list...some (most? all?) groups have been unable to verify that a DDoS against SCO actually launches (possibly faulty code). Furthermore, the DDoS routing seems to have a date-based routing limiting it to activity between Feb 1-12. Therefore, sigs aimed at monitoring for port 80 attempts to www.sco.com may not be terribly effective for catching infected hosts. Instead of monitoring for www.sco.com, it looks like monitoring for DNS queries for hardcoded sites, or monitoring for port 25 traffic to the same sites, might be more appropriate.
******************************************************************************************** In KPMG's opinion, non-encrypted communication via the Internet is not to be considered secure. For that reason, it is KPMG's policy that uninvited use of the Internet concerning exchange of confidential information with our clients must not take place. When exchanging information, the client is held liable. This e-mail may contain confidential information and is intended solely for the addressee, and any disclosure of this information is strictly prohibited and may be unlawful. If you have received this e-mail by mistake, please notify us immediately and delete this mail. ******************************************************************************************** --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: (Moderator Note) Re: Anyome else seeing a rise in Mydoom Virusesover email? Cavey, Jean-Luc (Jan 28)
- Message not available
- Re: (Moderator Note) Re: Anyome else seeing a rise in Mydoom Virusesover email? O'Brien Sean (Jan 28)