[Dshield] Re: [Full-Disclosure] new msblaster on the loose?

Person devon at lithiumnode.com
Wed Aug 13 18:28:35 GMT 2003


http://www.sarc.com/avcenter/venc/data/w32.blaster.b.worm.html

"The executable for this variant is named Penis32.exe."

[t]

On Wed, 13 Aug 2003, David Vincent wrote:

> anyone else seeing this?
>
> ---------------
>
> http://www.theinquirer.net/?article=11018
>
> New version of Blaster worm on the loose
> Already
>
> By INQUIRER staff: Wednesday 13 August 2003, 16:51
> KASPERSKY LABS claimed this afternoon that there's already a new version of
> the Blaster/Lovesan worm on the loose.
>
> And it says that's likely to mean a repeat of the outbreak we've seen during
> this week. The new variety of Lovesan exploits the same vulnerability.
>
> Kaspersky says that the number of infected systems is around the 300,000
> mark, and the new variety may double this number.
>
> "In the worst case, the world community can face a global Internet slow down
> and regional disruption... to the World Wide Web," said Eugene Kaspersky,
> head of the labs.
>
> The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different
> code compression, and different signatures in the body of the worm. µ
>
> ---------------
>
>
> David Vincent  CNA/MCSE
> Network Administrator
>
> www.mightyOaks.com
> david.vincent at mightyoaks.com
>
>
> MIGHTY OAKS WIRELESS SOLUTIONS INC.
> 209-3347 Oak Street
> Victoria, B.C. Canada V8X 1R2
> Phone: 250.386.9398   Fax:  250.386.9399
> Pager: 250.380.4575   Cell: 250.884.3000
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>




More information about the list mailing list