[33538] in bugtraq
RE: Outbreak warning: possibly Mydoom.C
daemon@ATHENA.MIT.EDU (Thor Larholm)
Mon Feb 9 15:13:15 2004
From: "Thor Larholm" <thor@pivx.com>
To: "'Gadi Evron'" <ge@egotistical.reprehensible.net>,
<bugtraq@securityfocus.com>
Cc: <full-disclosure@lists.netsys.com>
Date: Mon, 9 Feb 2004 11:24:52 -0800
Message-ID: <8B32EDC90D8F4E4AB40918883281874D35AD97@pivxwin2k1.secnet.pivx.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <4027B328.4050305@egotistical.reprehensible.net>
Dshield also lists an abnormal rise of scans on port 3127.
http://www.dshield.org/port_report.php?port=3127
Particularly within the last 36 hours.
http://www.dshield.org/port_report.php?port=3127&days=1
Regards
Thor Larholm
SegLegal -- Discussion of legal issues related to security research
http://seclegal.jscript.dk/
-----Original Message-----
From: Gadi Evron [mailto:ge@egotistical.reprehensible.net]
Sent: Monday, February 09, 2004 8:20 AM
To: bugtraq@securityfocus.com
Cc: full-disclosure@lists.netsys.com
Subject: Outbreak warning: possibly Mydoom.C
Uses the Mydoom backdoor to upload itself (over Mydoom ports).
Seeded over the weekend, it is out now and spreads fast.
Blocking: block Mydoom ports.
Gadi Evron.
