Full Disclosure mailing list archives
Re: msblast.exe
From: Cedric Raguenaud <security () raguenaud org>
Date: Tue, 12 Aug 2003 00:58:41 +0100
Has it peaked already? It could be only just me because I only have data from one of my firewalls at hand, therefore generalisation might be misguided, but it shows a peak at about 1900 GMT, then a sharp decrease:
http://www.raguenaud-online.org/cedric/dcom/dcom.jpgIt seems consistent with the Symantec preliminary document if I interpret then correctly, though:
https://tms.symantec.com/members/AnalystReports/030811-Alert-DCOMworm.pdf It might not live long enough to start DoSing windowsupdate.com at this rate. Robert Ersoni wrote:
Here is the latest on this from McAfee and Trend. http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100547 http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.ARob.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- msblast.exe David Vincent (Aug 11)
- Re: msblast.exe Scott Fendley (Aug 11)
- RE: msblast.exe Robert Ersoni (Aug 11)
- Re: msblast.exe Cedric Raguenaud (Aug 11)
- <Possible follow-ups>
- msblast.exe Export (Aug 14)
- Re: msblast.exe _bsec_ (Aug 14)
- RE: msblast.exe Roman Dorr (Aug 14)
- RE: msblast.exe Golomb, Gary (Aug 14)