[66831] in North American Network Operators' Group
Re: in case nobody else noticed it, there was a mail worm
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Mon Jan 26 21:04:04 2004
Date: Mon, 26 Jan 2004 21:00:40 -0500
To: Paul Vixie <paul@vix.com>, nanog@merit.edu
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <20040127015211.9BDFD14C4F@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
We are seeing 2 wide spread worms right now, mydoom and dumaru.*
NAI has info at
http://vil.nai.com/vil/content/v_100983.htm
and
http://vil.nai.com/vil/content/v_100980.htm
They rate of it is quite surprising. By the description, the trick /
method of infection does not seem all that different than past worms
viri. Makes me wonder how many people in a room would reach into their
purse/pocket on hearing, "Wallet inspector"
---Mike
At 08:52 PM 26/01/2004, Paul Vixie wrote:
>my copies (500 or so, before i filtered) are in a ~7MB gzip'd mailbox file
>called http://sa.vix.com/~vixie/mailworm.mbox.gz (plz don't fetch that unless
>you need it for comparison or analysis). there's a high degree of splay in
>the smtp/tcp peer address, and the sender is prepared to try backup MX's if
>the primary rejects it, though it appears to try the MX's in priority order.
