[88229] in North American Network Operators' Group
Blackworm hunbers [Was: Re: Martin Hannigan]
daemon@ATHENA.MIT.EDU (Fergie)
Wed Jan 25 17:34:02 2006
From: "Fergie" <fergdawg@netzero.net>
Date: Wed, 25 Jan 2006 22:31:35 GMT
To: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Well, let's hope we can watch the Super Bowl in peace -- I'm
turning my pager & cell phone off anyways. :-)
In any event, as Alex Eckelberry writes over on the Sunbelt
Software blog, "...we=92re now seeing infestations for the
Blackworm worm (aka KamaSutra) getting close to 2 million.
"Yesterday it was at close to 700k. =
"Of course, it=92s possible that this URL has gotten out to
the public, which would increase the count (simply hitting
the website increments the count by one). However, to my
knowledge, this URL is only known in the security community.
"Remember that this worm has a very destructive payload. Even
if you discount the number here, you=92re still looking at a
significant number of people who will suffer potentially
devastating data loss."
I couldn't agree more.
Cheers,
- ferg
ps. http://sunbeltblog.blogspot.com/2006/01/blackworm-worm-over-18-milli=
on.html
-- Martin Hannigan <hannigan@world.std.com> wrote:
> =
> http://isc.sans.org/blackworm
> Further, our reports lead to a SANS ISC temporary URL's for each AS.
The last time SANS felt something was so serious they needed all
of NANOG to dance, they came out and said so. That's their handlers
diary. I read it. A lot of people read it. It's well balanced and =
usually on target. Just like that. It's not alarmist. It seems =
fairly certain that as long as Symantec et. al. do their thing, we
will be able to watch the superbowl in peace.
[snip]
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
