Home page logo

nanog logo nanog mailing list archives

Re: Blackworm hunbers
From: Simon Waters <simonw () zynet net>
Date: Thu, 26 Jan 2006 09:53:12 +0000

On Wednesday 25 Jan 2006 22:31, Fergie wrote:

"Of course, itÂ’s possible that this URL has gotten out to
the public, which would increase the count (simply hitting
the website increments the count by one).  However, to my
knowledge, this URL is only known in the security community.

The SANS diary suggests that the requests from the worm itself are quite 
distinctive, so it should be possible to spot idle curiousity, search bots, 
and other interested parties from the worm itself.

Of course it may be that the monitoring of the traffic isn't subtle enough to 
distinguish between these two types of traffic.

Occurs to me that 700,000 Windows reinstalls in a day is probably about 
average given market share, and reliability of the OS, so 700,000 thousand 
extra is probably just a busy day. Might be a peak in demand for Windows 
updates afterwards.

The talk of antivirus tools are misplaced, the correct tool to deal with 
something like this is a good back-up, but for too long people have sold PCs 
for end users without any backup service at all. 

My home desktop has a tape backup unit (and RAID 1). I just wish I could be so 
confident about every desktop we use at work.

As Bill Hassell signature said....

"There are two types of computer users in the
 world...those that have lost data, and those
 that are going to."        (blh, circa 1972)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]