[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] New Worm in the wild

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] New Worm in the wild
From: "r1an" <r1an@hush.ai>
Date: Tue, 19 Aug 2003 08:09:53 -0700

The ICMP traffic is probably Nachi/Welchia/Blaster.D.  As for the email
attachments, take your pick. We have several daily specials: Sobig.F
is very popular, the Yaha.P is fresh, and the kids love Dumaru.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.D
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_YAHA.P
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru@mm.html

On Tue, 19 Aug 2003 07:30:17 -0700 dbtrino2@hush.com wrote:
>we see a lot of ping traffic and have a lot of users who report
>of mails with attachements ~74KB which have not been send by the 'sender'.
Anyone can confirm this?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] New Worm in the wild
Next by Date: [Full-Disclosure] New Worm in the wild
Prev by thread: RE: [Full-Disclosure] New Worm in the wild
Next by thread: [Full-Disclosure] Using LaBrea to slow down the worm
Index(es):
- Date
- Thread