| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Jan 26 04:35:14 2006 From: topsecretbattlesquad at gmail.com (Top Secret Battle squad) Subject: Re: BlackWorm: 2 million infected? ISP notifications. On 1/25/06, TheGesus <thegesus@...il.com> wrote: > On 1/25/06, Top Secret Battle squad <topsecretbattlesquad@...il.com> wrote: > > >A new list of IP's that hit the (still secret) counter address is being > > >compiled, so we can make another run of ISP notifications. > > > > You mean this address? : > > > > > > http://webstats.web.rcn.net/cgi-bin/Count.cgi?df=765247 > > > > It's only been in the Symantec description this whole time as: > > > > [http://]webstats.web.rcn.net/[REMOVED]/Count.cgi?df=765247 > > > > 3 million now. hehe > > Is it just me or is this whole thing getting overblown? > Undoubtably. There is simply no way that something with such a dumb vector for spreading is infecting hosts so quickly. It was at about 600k when I first took a look at the counter, and bumping up by 5 or 10 in the time it took me to read the number and hit reload. Earlier today it was bumping by a few hundred each time, and it's about the same rate now. I know that as more hosts get compromised, it should spread faster, but it really seems more like some guys with scripts are having a good laugh. Also, this counter script is pretty common, for those of you playing around with options. You can find a list of options and source code out there if you just look. If you don't want to contribute to the count when you poke it, for example, use incr=F. Love, The Top Secret Battle Squad
Powered by blists - more mailing lists