RE: new msblaster on the loose?

["Arnold, Jamie" <harnold () binghamton edu>]

There were 2 confirmed and at least one more uncomfirmed iteration of this as of Tuesday, 

-----Original Message-----
From: David Vincent [mailto:david.vincent () mightyoaks com] 
Sent: Wednesday, August 13, 2003 1:23 PM
To: DShield List (E-mail); 'Full-Disclosure (E-mail); Incidents (E-mail)
Subject: new msblaster on the loose?

anyone else seeing this?

---------------

http://www.theinquirer.net/?article=11018

New version of Blaster worm on the loose Already

By INQUIRER staff: Wednesday 13 August 2003, 16:51 KASPERSKY LABS claimed this afternoon that there's already a new 
version of the Blaster/Lovesan worm on the loose.

And it says that's likely to mean a repeat of the outbreak we've seen during this week. The new variety of Lovesan 
exploits the same vulnerability.

Kaspersky says that the number of infected systems is around the 300,000 mark, and the new variety may double this 
number.

"In the worst case, the world community can face a global Internet slow down and regional disruption... to the World 
Wide Web," said Eugene Kaspersky, head of the labs.

The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different code compression, and different signatures 
in the body of the worm. µ

---------------


David Vincent  CNA/MCSE
Network Administrator

www.mightyOaks.com
david.vincent () mightyoaks com


MIGHTY OAKS WIRELESS SOLUTIONS INC.
209-3347 Oak Street
Victoria, B.C. Canada V8X 1R2 
Phone: 250.386.9398   Fax:  250.386.9399
Pager: 250.380.4575   Cell: 250.884.3000

---------------------------------------------------------------------------
----------------------------------------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html