Home page logo

nanog logo nanog mailing list archives

Re: dcom worm released
From: Johannes Ullrich <jullrich () euclidian com>
Date: Thu, 07 Aug 2003 10:37:59 -0400

To clarify --  I'm talking about a worm based around the

For the last few days (maybe its a full week now), we
do see SDBot variants that include the RPC DCOM exploit.
This has so far explained the increase in rpc scan
activity. At this point, I don't think they qualify
as a 'worm'. But its close.


On the other hand, SQL Slammer is still a lot more 
active at this point:


On Thu, Aug 07, 2003 at 06:34:02AM -0400, Len Rose wrote:

It seems to be true.. I haven't seen any
code yet but-- 

Johannes Ullrich                     jullrich () euclidian com
pgp key: http://johannes.homepc.org/PGPKEYS
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support () covad net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]