| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 05 Feb 2004 13:18:26 +0100 From: Andreas Marx <amarx@...a-it.de> To: "Larry Seltzer" <larry@...ryseltzer.com> Cc: <bugtraq@...urityfocus.com> Subject: Re: Hysterical first technical alert from US-CERT Hi! >I just got the alert below from US-CERT. It's one of the new lists they >started. Some things about it bother me. First, it's dated 1/28, the day >MyDoom.B was discovered, and the message sent field says that too; other >dates in the headers disagree. Yes, I got this report as well and I agree with you that MyDoom.B was not able to spread widely at all. It looks like a mistake to me -- maybe they wanted to warn for MyDoom.A instead of MyDoomB.? At the time of the writing, Trend Micro's online scanner HouseCall has found and cleaned more than 900.000 MyDoom.A-infected machines: <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.A&VSect=S> However, they only found 7 (seven) MyDoom.B infected PCs world-wide: <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.B&VSect=S> At least one av company has send out a wrong alert for MyDoom.B as well (they wanted to update their MyDoom.A advisory, but they mixed-up both worms descriptions). A German news about this possible false alert can be found here: http://www.heise.de/newsticker/meldung/44281 cheers, Andreas -- BSc. Andreas Marx <amarx@...a-it.de>, http://www.av-test.org AV-Test GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany Phone: +49 (0)391 6075466, Fax: +49 (0)391 6075469
Powered by blists - more mailing lists