[Dshield] new msblaster on the loose?
jsage at finchhaven.com
Wed Aug 13 19:16:37 GMT 2003
On Wed, Aug 13, 2003 at 10:23:23AM -0700, David Vincent wrote:
> anyone else seeing this?
> New version of Blaster worm on the loose
> By INQUIRER staff: Wednesday 13 August 2003, 16:51
> KASPERSKY LABS claimed this afternoon that there's already a new
> version of the Blaster/Lovesan worm on the loose.
Two of the most sober, most credible, most consistent authorities I
can think of.
The only person that I'd put greater value in, if I was to hear a
comment about all this, would be something from Steve Gibson.
> And it says that's likely to mean a repeat of the outbreak we've
> seen during this week. The new variety of Lovesan exploits the same
> Kaspersky says that the number of infected systems is around the
> 300,000 mark, and the new variety may double this number.
C'mon folks, think about this a bit.
Changing the name of the executable does *not* make a variant of any
You can call it foo.exe or bar.exe and if it does absolutely the same
thing, the name change is irrelevant...
...except to set off those self-serving companies who are trying to
get some press out of all this:
"Trend-mantec releases a press report noting the fifteen variant of
the Win32-blah_blah worm, using a executable
"self-serving-publicity.exe". Video of the press conference at
...and to those who think they're safe if they have an up-to-date
"Oh my gawd.. I just put the snort rule that catches "p3n1s32.exe" and
now those bad script kiddies have switched to "teek_bar.exe"...
Let me give you a clue: they're just playing with your head.
> "In the worst case, the world community can face a global Internet
> slow down and regional disruption... to the World Wide Web," said
> Eugene Kaspersky, head of the labs.
Give me a break...
Yeah, I'll bet he said it, to anyone who'd listen.
Let's rename it "warhol_worm.exe" and watch the experts freak...
"Obviously, we do not want to leave zombies around."
More information about the list