[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Web counter in the new Swen/Gibe.F worm
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Web counter in the new Swen/Gibe.F worm
- From: "B.K. DeLong" <bkdelong@xxxxxxxxx>
- Date: Thu, 18 Sep 2003 18:09:30 -0400
At 02:31 PM 9/18/2003 -0400, you wrote:
Hi,
Joe Stewart of Lurhq.com has made an interesting discovery about the new
Swen/Gibe.F worm that started circulating today: When the worm infects
a new machine, it hits a Web counter.
The URL of the counter is:
http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006
If this URL wraps in your email reader, here's a shorter version:
http://tinyurl.com/nufo
At 2:30 EST, the counter is about 615,000.
Here's a bit more about the worm:
http://news.com.com/2100-7349_3-5078696.html
The server log entries for this counter might prove interesting to virus
researchers. These entries could provide data for a statistical study
of computer worm transmissions. Perhaps the Vutbr.cz Web site would be
willing to go public with this information.
Is anyone storing sample virii somewhere for analysis? Or do we have to
wait for it to show?
--
B.K. DeLong
bkdelong@xxxxxxxxx
+1.617.797.2472
http://ocw.mit.edu Work.
http://www.brain-stream.com Play.
http://www.the-leaky-cauldron.org Potter.
http://www.city-of-doors.com Sigil
PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html