[Dshield] RE: new msblaster on the loose?

Arnold, Jamie harnold at binghamton.edu
Thu Aug 14 14:52:52 GMT 2003

There were 2 confirmed and at least one more uncomfirmed iteration of this as of Tuesday, 

-----Original Message-----
From: David Vincent [mailto:david.vincent at mightyoaks.com] 
Sent: Wednesday, August 13, 2003 1:23 PM
To: DShield List (E-mail); 'Full-Disclosure (E-mail); Incidents (E-mail)
Subject: new msblaster on the loose?

anyone else seeing this?



New version of Blaster worm on the loose Already

By INQUIRER staff: Wednesday 13 August 2003, 16:51 KASPERSKY LABS claimed this afternoon that there's already a new version of the Blaster/Lovesan worm on the loose.

And it says that's likely to mean a repeat of the outbreak we've seen during this week. The new variety of Lovesan exploits the same vulnerability.

Kaspersky says that the number of infected systems is around the 300,000 mark, and the new variety may double this number.

"In the worst case, the world community can face a global Internet slow down and regional disruption... to the World Wide Web," said Eugene Kaspersky, head of the labs.

The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different code compression, and different signatures in the body of the worm. µ


David Vincent  CNA/MCSE
Network Administrator

david.vincent at mightyoaks.com

209-3347 Oak Street
Victoria, B.C. Canada V8X 1R2 
Phone: 250.386.9398   Fax:  250.386.9399
Pager: 250.380.4575   Cell: 250.884.3000


More information about the list mailing list