[Dshield] Mydoom Back?
Tony Earnshaw
tonni at hetnet.nl
Sat Apr 5 10:06:05 GMT 2008
Jon R. Kibler skrev, on 01-04-2008 19:11:
> I have seen a half dozen emails to various users containing
> Worm.Mydoom.M in the past 24 hours. Prior to that, the last time we saw
> it were single occurrences in August and November of last year.
>
> They are all coming from the same DSL IP in ZA: 196.209.50.188
>
> They are all known variants:
> Subject: uo Attach: File.scr
> Subject: Message could not be delivered Attach: readme.zip
> Subject: Delivery reports about your email Attach: text.zip
>
> Anyone else seeing this?
Masses - 35 - in 2008, last before 2008 27-12-2007. Differently
distributed sources throughout almost all TLDs. Bit Defender is still
catching it, latest 08+ CEST today.
--Tonni
>
> Jon K.
>
>
> ------------------------------------------------------------------------
>
> _________________________________________
> SANS Security 2008 in New Orleans!! January 11-19 2008. Why freeze up north if you can be in New Orleans. http://www.sans.org/info/15826
--
Tony Earnshaw
Email: tonni at hetnet dot nl
More information about the list
mailing list