[Dshield] NetSky observation

jayjwa jayjwa at atr2.ath.cx
Fri Feb 20 14:55:15 GMT 2004

On Thu, 19 Feb 2004, Paul Marsh wrote:
> I've seen it in a long time.  Yesterday 5 viri stopped at my perimeter
> today it's stopped 2. How is everyone else making out, has it quieted
> down?  I read somewhere (can't remember where) that it's possible that
> NetSky was created by an AV insider?  Is NetSky a good worm or are we
> just waiting for the second shoe to drop?

Very quiet here worm-wise, but what I AM seeing is A LOT of people scanning
for MyDoom ports, most likely due to the client for the MyDoom proxy being
released, in executable form no less. That gives the kids something to
play with. I see the same patterns hitting the Doom ports, over and over
and over... It's really amazing how frequently - I dare say port 3127 gets
probed at least 3-4 times a minute. I got a good packet dump yesterday.

