[Dshield] Thank you Johannes and Dshielder's
jsage at finchhaven.com
Wed Aug 13 15:23:30 GMT 2003
Paul, et al:
On Wed, Aug 13, 2003 at 10:33:39AM -0400, Paul Marsh wrote:
> I've been watching/listening/reading the major news agencies over
the past two days first off let me say a day late and a dollar short,
it's amazing how un-informed some people really are. A reporter on
CNN last night thought it was funny when her system started rebooting.
Most news agencies are reporting that if you update your AV, run a
removal tool and apply the patch your system is OK. Why aren't these
people reading and understanding what's going on?
One major problem that advertising by the anti-virus companies
produces is that people think that updating their AV signatures is all
they need to do regarding *any* security issue.
I can't tell you the number of people in the last day or two who have
said to me "Well, I just update my [insert major AV company]
signatures, so I don't have anything to worry about."
I reply "Well, no, this isn't a virus, this is a worm." and they go
And I counted over 500 distinct hosts within my very local 12.82.x.x
address space probing my firewall between midnight 08/12 and about
6:00pm that evening.
If my local address space (AT&T dialups, mostly..) is any indication of
how saturated home user address space in general has been affected, a
*lot* of people are screwed, and the fallout from this is going to go
on for a *long* time.
And that's not all.
Local news (metro Seattle-Tacoma, WA) reported that the City of
Seattle's computer systems in general were majorly screwed, as well...
"Obviously, we do not want to leave zombies around."
More information about the list