[Dshield] MyDoom/NoVarg DoS details

Stephane Grobety security at admin.fulgan.com
Wed Jan 28 14:23:35 GMT 2004


RK> I suppose one could add an entry into there own DNS that points toward there
RK> own static intranet webpage, for gathering local ip's of infected pcs, with
RK> a link to sco.com, or perhaps a link to a removal tool for the virus or even
RK> an auto script to disinfect the pc.  One might even add an entry into the
RK> host records on the pc to inform users and provide solutions/links to virus
RK> repair tools. 

Hum... I think not: the last thing I need is my own machine DDoSing my
intranet web server... I'll rely on the domain policies that fore the
deployment of NAVCE and up-to-date DAT files and I might just launch a
few preemptive virus sweep and see  what it comes up with.

I've also launch a network-wide nmap scan on the backdoor ports in my
network.

RK> Just a thought with 1st cup of coffee,

Ah... You're excused, then :) Enjoy your coffee :)

Good luck,
Stephane




More information about the list mailing list