[Dshield] Dabber
Pete Cap
peteoutside at yahoo.com
Fri May 14 19:22:32 GMT 2004
List,
I have been hearing rumors about a worm exploiting the FTP component of Sasser for a couple of weeks now. In case you haven't read the Handler's Diary from the 13th, lurhq has a writeup of this worm, which is being called "Dabber," at http://www.lurhq.com/dabber.html.
I haven't seen any of this traffic headed my way yet, but the DShield feed shows spikes in activity for tcp/5554 and tcp/8967. The difference is so great that I didn't even bother to calculate the confidence intervals.
I did notice that there are some days missing from the DShield feed. If anyone has seen this traffic, I'd like to hear about it (specifically, when it started).
Regards,
Pete
---------------------------------
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
More information about the list
mailing list