On Sat, 15 May 2004 14:43:14 MDT, Bruce Ediger [EMAIL PROTECTED] said:
That document claims the vulnerable population of the Witty worm was only
about 12,000 computers, and goes on to imply pretty strongly that effectively
100% of the vulnerable population got infected due to the speed of
On Fri, 14 May 2004 [EMAIL PROTECTED] wrote:
It's really sad that Sasser has nailed *so many* machines that Dabber
is able to propagate.
Well, what about the Witty worm? It only infected machines running
a brand of firewall with a particular plug-in, as I read this document
(I'm no Windows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have detected some scans lookin' for the 5554 port (sasser's ftpd).
Does somebody know anything about a new worm, exploiting its
vulnerabilty?
Roberto a.k.a. Logan
There are no answers, only cross refernces.
--
: 14 May 2004 13:26
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Worm of the worm?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have detected some scans lookin' for the 5554 port (sasser's ftpd).
Does somebody know anything about a new worm, exploiting its
vulnerabilty
- TusProfesionales.es [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 14, 2004 8:26 AM
Subject: [Full-Disclosure] Worm of the worm?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have detected some scans lookin' for the 5554 port (sasser's ftpd).
Does somebody know anything
On Fri, 2004-05-14 at 07:26, Roberto Navarro - TusProfesionales.es
wrote:
I have detected some scans lookin' for the 5554 port (sasser's ftpd).
Does somebody know anything about a new worm, exploiting its
vulnerabilty?
Perhaps the Dabber worm?
http://www.lurhq.com/dabber.html
Regards,
Roberto Navarro - TusProfesionales.es wrote:
I have detected some scans lookin' for the 5554 port (sasser's ftpd).
Does somebody know anything about a new worm, exploiting its
vulnerabilty?
Dabber worm :
http://www.theregister.co.uk/2004/05/14/dabber_worm/
The worm of the worm - all we need
Subject: Re: [Full-Disclosure] Worm of the worm?
Hi
K-OTik published an exploit for sasser's ftpd :
http://www.k-otik.com/exploits/05102004.sasserftpd.c.php
Maybe you are seeing manual scans or a brand new worm.
Have a nice day
Maxime Ducharme
Programmeur / Spécialiste en sécurité réseau
On Fri, 14 May 2004 14:19:12 BST, Randal, Phil [EMAIL PROTECTED] said:
That's the Dabber worm:
http://vil.nai.com/vil/content/v_125300.htm
It's really sad that Sasser has nailed *so many* machines that Dabber
is able to propagate.
Out in the real world, a virus that could only spread