RE: (Moderator Note) Re: Anyome else seeing a rise in Mydoom Virusesover email?

[falcon () secureconsulting net]

It's been suggested that the news of the DDoS and the resultant traffic
from people "seeing if it's true" may have caused the alleged DoS against
SCO.  As the virus has the name, not the IP, hardcoded, it seems unlikely
that changing the IP would do much for them.  Some of us have wondered if
SCO is maintaining much more than a broadband connection, since they don't
seem to produce anything but lawsuits these days. ;)

> The site of SCO his not pingable since hours.
>
> I assume that they are in the process to change their IP address as White
> House did with CodeRed 1
>
> Jean-Luc Cavey
> France
>
> > -----Message d'origine-----
> > De : falcon () secureconsulting net [mailto:falcon () secureconsulting net]
> > Envoyé : mercredi 28 janvier 2004 15:38
> > À : incidents () securityfocus com
> > Objet : RE: (Moderator Note) Re: Anyome else seeing a rise in Mydoom
> > Virusesover email?
> >
> >
> > Just an fyi to the list...some (most? all?) groups have been unable to
> > verify that a DDoS against SCO actually launches (possibly
> > faulty code).
> > Furthermore, the DDoS routing seems to have a date-based
> > routing limiting
> > it to activity between Feb 1-12.  Therefore, sigs aimed at
> > monitoring for
> > port 80 attempts to www.sco.com may not be terribly effective
> > for catching
> > infected hosts.
> >
> > Instead of monitoring for www.sco.com, it looks like
> > monitoring for DNS
> > queries for hardcoded sites, or monitoring for port 25
> > traffic to the same
> > sites, might be more appropriate.
>
>
> ********************************************************************************************
> In KPMG's opinion, non-encrypted communication via the Internet
> is not to be considered secure.
> For that reason, it is KPMG's policy that uninvited use of the Internet
> concerning exchange of confidential information with our clients must not
> take place.
> When exchanging information, the client is held liable.
> This e-mail may contain confidential information and is
> intended solely for the addressee, and any disclosure of this information
> is
> strictly prohibited and may be unlawful.  If you have received this e-mail
> by mistake, please notify us immediately and delete this mail.
> ********************************************************************************************
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------