[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Red Bull Worm

To: Brian Eckman <eckman@umn.edu>
Subject: Re: [Full-Disclosure] Red Bull Worm
From: Valdis.Kletnieks@vt.edu
Date: Thu, 07 Aug 2003 13:33:54 -0400

On Thu, 07 Aug 2003 11:47:48 CDT, Brian Eckman <eckman@umn.edu>  said:

> Pardon me if I am just plain ignorant, but where is this worm, and how 
> on earth is it "more effective than Code Red ever was" already if nobody 
> is talking about it? The only evidence of a worm I have seen is one 
> person showing comments supposedly from source code of some program 
> calling itself a worm...

The monitors at www.dshield.org *are* showing a slight rise in port 445 and 135
events, and there's been a lot of chatter about widespread exploits.  On the
other hand, I've not seen any firm evidence it's made the jump from "scanner/
exploit tool" to worm - there's certainly no CodeRed-sized spike in the
monitors (*YET* - if the worm has a slow first-phase deployment, things could
get interesting later this week)..

PGP signature

References:
- [Full-Disclosure] DCOM Worm/scanner/autorooter !!!
  - From: Stephen <alf1num3rik@yahoo.com>
- [Full-Disclosure] Red Bull Worm
  - From: "Joel R. Helgeson" <joel@helgeson.com>
- Re: [Full-Disclosure] Red Bull Worm
  - From: Brian Eckman <eckman@umn.edu>

Prev by Date: Re: [Full-Disclosure] Red Bull Worm
Next by Date: Re: [Full-Disclosure] Red Bull Worm
Prev by thread: Re: [Full-Disclosure] Red Bull Worm
Next by thread: Re: [Full-Disclosure] Red Bull Worm
Index(es):
- Date
- Thread