[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E8A3392724A75849B7FA030CAF41A748797B4E@amserv0.affinity-mortgage.com>
From: rahnemann at affinity-mortgage.com (Robert Ahnemann)
Subject: Re: new msblaster on the loose?
If it exploits the same vulnerability, won't it be LESS effective since many people have been hit and thus patched their systems? Wouldn't an effective blaster variant find a different loophole?
-----Original Message-----
From: Jay Woody [mailto:jay_woody@....com]
Sent: Thursday, August 14, 2003 10:12 AM
To: list@...ield.org; full-disclosure@...ts.netsys.com; david.vincent@...htyoaks.com; incidents@...urityfocus.com
Subject: [Full-Disclosure] Re: new msblaster on the loose?
Guys, not to be weird, but wtf does this mean?
>> And it says that's likely to mean a repeat of the outbreak we've
seen during
>> this week. The new variety of Lovesan exploits the same
vulnerability.
>>
>> Kaspersky says that the number of infected systems is around the
300,000
>> mark, and the new variety may double this number.
>>
>> "In the worst case, the world community can face a global Internet
slow down
>> and regional disruption... to the World Wide Web," said Eugene
Kaspersky,
>> head of the labs.
If people got hit and they patched, then how will this be a repeat?
How will the numbers DOUBLE?! "In the worst case . . . "? No, in the
worst case, New Kids on the Block could start a reunion tour. Give me a
break, the first one hit, surely a bunch of people patched (even some of
the people that didn't beforehand are surely smart enough to realize the
error of their way now right?!). So any future infection is bound to be
less unless it has figured out a different way to exploit it (in which
case it really isn't the same worm is it?) or figures out a way to scan
IP addresses that the first one didn't. I don't see anything saying
that this worm is any different than the first one in those cases, so
sounds like FUD to me.
JayW
>>> David Vincent <david.vincent@...htyoaks.com> 08/13/03 12:23PM >>>
anyone else seeing this?
---------------
http://www.theinquirer.net/?article=11018
New version of Blaster worm on the loose
Already
By INQUIRER staff: Wednesday 13 August 2003, 16:51
KASPERSKY LABS claimed this afternoon that there's already a new
version of
the Blaster/Lovesan worm on the loose.
And it says that's likely to mean a repeat of the outbreak we've seen
during
this week. The new variety of Lovesan exploits the same vulnerability.
Kaspersky says that the number of infected systems is around the
300,000
mark, and the new variety may double this number.
"In the worst case, the world community can face a global Internet slow
down
and regional disruption... to the World Wide Web," said Eugene
Kaspersky,
head of the labs.
The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE,
different
code compression, and different signatures in the body of the worm. ?
---------------
David Vincent CNA/MCSE
Network Administrator
www.mightyOaks.com
david.vincent@...htyoaks.com
MIGHTY OAKS WIRELESS SOLUTIONS INC.
209-3347 Oak Street
Victoria, B.C. Canada V8X 1R2
Phone: 250.386.9398 Fax: 250.386.9399
Pager: 250.380.4575 Cell: 250.884.3000
---------------------------------------------------------------------------
----------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists