[Dshield] Re: new msblaster on the loose?

Henric Lindblad henric at alternera.se
Thu Aug 14 15:30:44 GMT 2003


If they patched, they are ok.
It's the ones that havn't patched that may be infected again,
by the new "variety".

/Henric

----- Original Message ----- 
From: "Jay Woody" <jay_woody at tnb.com>
To: <list at dshield.org>; <full-disclosure at lists.netsys.com>;
<david.vincent at mightyoaks.com>; <incidents at securityfocus.com>
Sent: Thursday, August 14, 2003 5:11 PM
Subject: [Dshield] Re: new msblaster on the loose?


> Guys, not to be weird, but wtf does this mean?
>
> >> And it says that's likely to mean a repeat of the outbreak we've
> seen during
> >> this week. The new variety of Lovesan exploits the same
> vulnerability.
> >>
> >> Kaspersky says that the number of infected systems is around the
> 300,000
> >> mark, and the new variety may double this number.
> >>
> >> "In the worst case, the world community can face a global Internet
> slow down
> >> and regional disruption... to the World Wide Web," said Eugene
> Kaspersky,
> >> head of the labs.
>
> If people got hit and they patched, then how will this be a repeat?
> How will the numbers DOUBLE?!  "In the worst case . . . "?  No, in the
> worst case, New Kids on the Block could start a reunion tour.  Give me a
> break, the first one hit, surely a bunch of people patched (even some of
> the people that didn't beforehand are surely smart enough to realize the
> error of their way now right?!).  So any future infection is bound to be
> less unless it has figured out a different way to exploit it (in which
> case it really isn't the same worm is it?) or figures out a way to scan
> IP addresses that the first one didn't.  I don't see anything saying
> that this worm is any different than the first one in those cases, so
> sounds like FUD to me.
>
> JayW
>
> >>> David Vincent <david.vincent at mightyoaks.com> 08/13/03 12:23PM >>>
> anyone else seeing this?
>
> ---------------
>
> http://www.theinquirer.net/?article=11018
>
> New version of Blaster worm on the loose
> Already
>
> By INQUIRER staff: Wednesday 13 August 2003, 16:51
> KASPERSKY LABS claimed this afternoon that there's already a new
> version of
> the Blaster/Lovesan worm on the loose.
>
> And it says that's likely to mean a repeat of the outbreak we've seen
> during
> this week. The new variety of Lovesan exploits the same vulnerability.
>
> Kaspersky says that the number of infected systems is around the
> 300,000
> mark, and the new variety may double this number.
>
> "In the worst case, the world community can face a global Internet slow
> down
> and regional disruption... to the World Wide Web," said Eugene
> Kaspersky,
> head of the labs.
>
> The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE,
> different
> code compression, and different signatures in the body of the worm. µ
>
> ---------------
>
>
> David Vincent  CNA/MCSE
> Network Administrator
>
> www.mightyOaks.com
> david.vincent at mightyoaks.com
>
>
> MIGHTY OAKS WIRELESS SOLUTIONS INC.
> 209-3347 Oak Street
> Victoria, B.C. Canada V8X 1R2
> Phone: 250.386.9398   Fax:  250.386.9399
> Pager: 250.380.4575   Cell: 250.884.3000
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
>
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list