[Dshield] Mydoom Back?

Tony Earnshaw tonni at hetnet.nl
Sat Apr 5 10:06:05 GMT 2008


Jon R. Kibler wrote, on 01-04-2008 19:11:

> I have seen a half dozen emails to various users containing 
> Worm.Mydoom.M in the past 24 hours. Prior to that, the last time we saw 
> it were single occurrences in August and November of last year.
> 
> They are all coming from the same DSL IP in ZA: 196.209.50.188
> 
> They are all known variants:
>     Subject: uo    Attach: File.scr
>     Subject: Message could not be delivered        Attach: readme.zip
>     Subject: Delivery reports about your email    Attach: text.zip
> 
> Anyone else seeing this?

Masses - 35 - in 2008, last before 2008 27-12-2007. Differently 
distributed sources throughout almost all TLDs. Bit Defender is still 
catching it, latest 08+ CEST today.

--Tonni

> 
> Jon K.


-- 
Tony Earnshaw
Email: tonni at hetnet dot nl

