> To clarify -- I'm talking about a worm based around the > exploit.
For the last few days (maybe its a full week now), we do see SDBot variants that include the RPC DCOM exploit. This has so far explained the increase in rpc scan activity. At this point, I don't think they qualify as a 'worm'. But its close. http://www.dshield.org/port_report.php?port=135&recax=1&tarax=1 On the other hand, SQL Slammer is still a lot more active at this point: http://www.dshield.org/port_report.php?port=1434&recax=1&tarax=1 > > On Thu, Aug 07, 2003 at 06:34:02AM -0400, Len Rose wrote: > > > > > > It seems to be true.. I haven't seen any > > code yet but-- > > > > http://lists.netsys.com/pipermail/full-disclosure/2003-August/007717.html -- -------------------------------------------------------------- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS -------------------------------------------------------------- "We regret to inform you that we do not enable any of the security functions within the routers that we install." [EMAIL PROTECTED] --------------------------------------------------------------