Security Incidents mailing list archives

RE: Phatbox: Media Hype? Scare Tactics?


From: "Ken Dunham" <dunhamk () rmci net>
Date: Wed, 17 Mar 2004 12:54:33 -0700

Is this hype or is this really spreading? Smells like hype to me because
SARC reports nothing described as Phatbox and turns up nothing in the
Symantec virus/backdoor database.

*********************

It's not hype.  This is one of the Mydoom/Beagle/Netsky variants (I just
don't recall which variant or which of the three worms it is off the top
of my head).  Since these vx groups "own" thousands of boxes, each time
they seed a new virus, they infect thousands of machines.  Even if it
isn't spreading, it's still in a lot of boxes.

Additionally, before anti-virus detected it or even reported on Phatbot.A it
was out there and had infected some networks.  There is a minimum of at
least 4 Phatbot variants now.  We've been tracking this entire
situation...It's not a matter of how many there are but *which* networks end
up being compromised...and it is growing.

Ken Dunham
Director of Malicious Code
PGP KeyID: 0x6A8AC63F
iDEFENSE Inc. - www.idefense.com
54-68-65-20-70-6F-77-65-72-20-6F-66-20-69-6E-74-65-6C-6C-69-67-65-6E-63-65-2
0-73-74-61-72-74-73-20-68-65-72-65-21



