Re: [Full-Disclosure] Worm of the worm?

2004-05-16 Thread Valdis . Kletnieks
On Sat, 15 May 2004 14:43:14 MDT, Bruce Ediger [EMAIL PROTECTED] said: That document claims the vulnerable population of the Witty worm was only about 12,000 computers, and goes on to imply pretty strongly that effectively 100% of the vulnerable population got infected due to the speed of

Re: [Full-Disclosure] Worm of the worm?

2004-05-15 Thread Bruce Ediger
On Fri, 14 May 2004 [EMAIL PROTECTED] wrote: It's really sad that Sasser has nailed *so many* machines that Dabber is able to propagate. Well, what about the Witty worm? It only infected machines running a brand of firewall with a particular plug-in, as I read this document (I'm no Windows

[Full-Disclosure] Worm of the worm?

2004-05-14 Thread Roberto Navarro - TusProfesionales.es
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Roberto a.k.a. Logan There are no answers, only cross refernces. --

RE: [Full-Disclosure] Worm of the worm?

2004-05-14 Thread Randal, Phil
: 14 May 2004 13:26 To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Worm of the worm? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty

Re: [Full-Disclosure] Worm of the worm?

2004-05-14 Thread Maxime Ducharme
- TusProfesionales.es [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 8:26 AM Subject: [Full-Disclosure] Worm of the worm? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything

Re: [Full-Disclosure] Worm of the worm?

2004-05-14 Thread Frank Knobbe
On Fri, 2004-05-14 at 07:26, Roberto Navarro - TusProfesionales.es wrote: I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Perhaps the Dabber worm? http://www.lurhq.com/dabber.html Regards,

Re: [Full-Disclosure] Worm of the worm?

2004-05-14 Thread Andrew Simmons
Roberto Navarro - TusProfesionales.es wrote: I have detected some scans lookin' for the 5554 port (sasser's ftpd). Does somebody know anything about a new worm, exploiting its vulnerabilty? Dabber worm : http://www.theregister.co.uk/2004/05/14/dabber_worm/ The worm of the worm - all we need

Re: [Full-Disclosure] Worm of the worm?

2004-05-14 Thread Exibar
Subject: Re: [Full-Disclosure] Worm of the worm? Hi K-OTik published an exploit for sasser's ftpd : http://www.k-otik.com/exploits/05102004.sasserftpd.c.php Maybe you are seeing manual scans or a brand new worm. Have a nice day Maxime Ducharme Programmeur / Spécialiste en sécurité réseau

Re: [Full-Disclosure] Worm of the worm?

2004-05-14 Thread Valdis . Kletnieks
On Fri, 14 May 2004 14:19:12 BST, Randal, Phil [EMAIL PROTECTED] said: That's the Dabber worm: http://vil.nai.com/vil/content/v_125300.htm It's really sad that Sasser has nailed *so many* machines that Dabber is able to propagate. Out in the real world, a virus that could only spread