[Dshield] [Fwd: Potential Internet Attack Targeting Microsoft Beginning August 16, 2003]

Johannes B. Ullrich jullrich at sans.org
Fri Aug 15 20:33:32 GMT 2003


This message was converted from multipart/signed to ascii armored
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Just to clear up a couple inaccuracies in this reports, before they
spread too far:

- The worm attack "windowsupdate.com", not "www.windowsupdate.com"
- 'windowsupdate.com' is not used by the default 'Windows Update'
  function. Instead, it uses 'windowsudpate.microsoft.com'
- the list of ports is ok for small companies and such. However, port
  4444 is used by some 

it should be mentioned:
- it will only start the DDOS after a system reset. It will not switch
  from scanning to DDOS on its own.

-- 
SANS - Internet Storm Center
http://isc.sans.org
PGP Key: http://isc.sans.org/jullrich.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/PUObR1p7hYJvB/wRAg7IAKCQPVOqpOd4HT6POkKzxdTMRSmFuwCaAxyU
FfKGOBq3NuQ4UQ4uHR4Hr8UaQD
-----END PGP SIGNATURE-----

--
SHA1



More information about the list mailing list