[unisog] Fantastic browser exploit setting up spam relays

Phil.Rodrigues at uconn.edu Phil.Rodrigues at uconn.edu
Thu Oct 2 18:44:15 GMT 2003

This is a simple table of the # of unique hosts at UConn that have sent 
port 53 traffic to the 3 servers referenced in Full-Disclosure per day:

09-25 000
09-26 006
09-27 015
09-28 050
09-29 097
09-30 136
10-01 177
10-02 136 (so far)

The CERT made this announcement yesterday:


Look for outbound 53/udp traffic to these servers to see how many hosts 
are infected in your network:

Maybe these too:

To be clear: the MS03-032 patch does *not* protect against this 
vulnerability.  MS has stated they will patch vs this (on cnn) but did not 
give a date.  Good luck!


Philip A. Rodrigues
Network Analyst, UITS
University of Connecticut

email: phil.rodrigues at uconn.edu
phone: 860.486.3743
fax: 860.486.6580
web: http://www.security.uconn.edu

Dax <dax at resnet.ucsb.edu>
10/02/2003 12:03 PM

        To:     unisog at sans.org
        Subject:        [unisog] Fantastic browser exploit setting up spam relays

                 Mornin' folks-

                 I've noticed ~100 or so users here infected with this:


                 Can I get a "Whoa, REDMOND!"?


More information about the unisog mailing list