[Dshield] MyDoom/NoVarg DoS details

Johannes B. Ullrich jullrich at sans.org
Wed Jan 28 13:37:46 GMT 2004

> Portscans on the whole range (3127-3192) are booming compared 
> to "normal" traffic, even on the noisy ports.  I think it's a 
> safe bet that the author is hunting for compromised boxes.

Well, not just the author at this point. The protocol required
to use the backdoor to upload new files has been published,
so I expect we will see a lot of 'secondaries' soon.

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040128/0b9dc194/attachment.bin

More information about the list mailing list