[55186] in North American Network Operators' Group
Re: Level3 routing issues?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sat Jan 25 17:27:22 2003
Date: Sat, 25 Jan 2003 21:59:57 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Avleen Vig <lists-nanog@silverwraith.com>,
"C. Jon Larsen" <jlarsen@richweb.com>, Bill Woodcock <woody@pch.net>,
Mikael Abrahamsson <swmike@swm.pp.se>, <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.21.0301251941450.12307-100000@MrServer>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 25 Jan 2003, Stephen J. Wilcox wrote:
>
> I've not looked at any great detail into the exact sources but of the few I
> looked at earlier I was surprised to find them on ADSL .. these may be corporate
> networks this is the bit I dont know but some of them seemed to be residential,
> weird!
>
Seems this borked software bit is in more than just hardcore SQLServer. It
seems that the bits are also in visio2000 and a few other things :( Hence
the 'more than server platform' infection spread. This also helps to
explain the speed of infection and spread, as with more possible targets
things should move more quickly.
The interesting is the huge spike at a common time (00:30EST) one wonders
if there is a group tracking down the initial infector or not :)
