[Dshield] MyDoom.B Surfacing!

Eric Hines eric.hines at appliedwatch.com
Wed Jan 28 18:02:30 GMT 2004


All,

MyDoom B is surfacing.

http://vil.nai.com/vil/content/v_100988.htm



-------------------------------------------
Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
web: http://www.appliedwatch.com
email: eric.hines at appliedwatch.com
-------------------------------------------
Direct: (877) 262-7593 - Toll Free x327
Fax: (815) 425-2173
General: (877) 262-7593 (9am-5pm CST)
-------------------------------------------



Quoting David Hoelzer <dhoelzer at cyber-defense.org>:

> Yes.  I've received all of the variations.
> 
> On Jan 27, 2004, at 5:32 PM, Smith, Donald wrote:
> 
> > Has anyone seen a zip that had a file other than pif in it?
> > Symantec states it can be exe, com, pif, or scr but all I have seen so
> > far is pif.
> >
> >
> > -----Original Message-----
> > From: Johannes B. Ullrich [mailto:jullrich at sans.org]
> > Sent: Tuesday, January 27, 2004 2:55 PM
> > To: General DShield Discussion List
> > Cc: intrusions at incidents.org
> > Subject: Re: [Dshield] MyDoom/NoVarg DoS details
> >
> >
> > On Tue, 2004-01-27 at 15:30, Eric Hines wrote:
> >> Does anyone here have any details on the type of Denial of Service
> >> attack that MyDoom/Novarg launches against SCO.COM in Feb? What
> >> solutions if any are recommended for this date, a null route? Is it
> >> just outbound port 80 SYN floods?
> >
> > I haven't been able to trigger the sco.com attack yet in my lab.
> > However, the virus includes these strings:
> >
> > GET / HTTP/1.1
> > Host: www.sco.com
> >
> > suggesting that it will try to issue a full request.
> >
> >
> >
> >
> > -- 
> > CTO SANS Internet Storm Center               http://isc.sans.org
> > phone: (617) 837 2807                          jullrich at sans.org
> >
> > contact details: http://johannes.homepc.org/contact.htm
> >
> 
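
Added example, not part of the original thread or any poster's code: a check a mail gateway could run for the case raised in the quoted question, listing the members of a zip attachment whose extension is one of exe, com, pif or scr. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Inner-file extensions named in the thread (Symantec's list as quoted there).
RISKY_EXTENSIONS = {"exe", "com", "pif", "scr"}


def risky_members(zip_bytes):
    """Return names of archive members whose final extension is in the list.

    Raises ValueError when the attachment is not a readable zip, so the
    caller can quarantine it instead of passing it through unchecked.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile as exc:
        raise ValueError("attachment is not a valid zip") from exc
    hits = []
    with archive:
        # Only the archive's directory is read; nothing is extracted.
        for info in archive.infolist():
            # Windows drops trailing dots and spaces from file names,
            # so ignore them before looking at the extension.
            name = info.filename.rstrip(" .")
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in RISKY_EXTENSIONS:
                hits.append(info.filename)
    return hits


def build_sample(names):
    """Constructed test input: a zip holding harmless placeholder files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["readme.txt", "document.PIF", "body.txt.scr"])
    print(risky_members(sample))
```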



