[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Windows Dcom Worm planned DDoS

To: <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Windows Dcom Worm planned DDoS
From: "Andrew Thomas" <andrewt@nmh.co.za>
Date: Tue, 12 Aug 2003 12:00:01 +0200

Hi,

The examinations of the code so far indicate that the worm is 
coded to DoS the windowsupdate site from the 15th of August 
onwards through the end of the year.

I haven't seen anything mentioning whether or not the IP is
hardcoded. If not, shouldn't Microsoft just set the forward
resolve to 127.0.0.1 for a period of time?

That will probably save many, many $'s of wasted traffic.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: "Chris Eagle" <cseagle@redshift.com>
- Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: Nick FitzGerald <nick@virus-l.demon.co.uk>
- RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: "Wcc" <wcc@techmonkeys.org>

Prev by Date: Re: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
Next by Date: RE: [Full-Disclosure] aside: worm vs. worm?
Prev by thread: Re: [fd] AW: [Full-Disclosure] attacks shutting down windows machines?
Next by thread: RE: [Full-Disclosure] Windows Dcom Worm planned DDoS
Index(es):
- Date
- Thread