nanog mailing list archives
Re: Current Blackworm numbers
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 27 Jan 2006 05:23:26 +0200
Fergie wrote:
Given all the noise that this issue has caused on the list, I thought I'd take a moment this afternoon and forward a URL that good folks over at LURHQ have made available with more realistic, and current, statistics on the BlackWorm cruft: http://www.lurhq.com/blackworm-stats.html Thanks to Joe Stewart at LURHQ.
Indeed! Joe Stewart (at LURHQ) and his work are both amazing.He took the information we at the TISF BlackWorm task force got from RCN (.com/.net - I have never seen a more whitehat ISP in my life) with the FBI's help, and spent days working on the worm and the data, de-duping, removing the hosts trying to poison the logs data or DDoS, etc.
He deserves the credit! There are so many other people working day and night on this:The incredible Johannes Ullrich at SANS ISC and tireless Prof. Randy Vaughn at Baylor EDU, as well as many others...
Many from the net-ops community. The SANS handlers (ALL OF THEM), who are always there when called.The FBI, US-CERT, DoD-CERT, REN-ISAC, KrCERT, FortiNet, MessageLabs... ... .. and many many others around the globe who still work on this and invest a ton of effort. They deserve the credit.
Like Joe wrote:"Even so, 300,000 infected users worldwide is not a terribly large amount when compared to previous worms like Sober or Mydoom. However, with this worm it isn't the quantity of infected users, it is the destructive payload which is most concerning."
Gadi.
Current thread:
- Current Blackworm numbers Fergie (Jan 26)
- Re: Current Blackworm numbers Gadi Evron (Jan 26)
- Destructive computer viruses from history Sean Donelan (Jan 27)
- Re: Destructive computer viruses from history Martin Hannigan (Jan 28)
- Re: Destructive computer viruses from history Gadi Evron (Jan 28)
- Destructive computer viruses from history Sean Donelan (Jan 27)
- Re: Current Blackworm numbers Gadi Evron (Jan 26)