[Full-Disclosure] Windows Dcom Worm planned DDoS

From: Andrew Thomas (andrewtat_private)
Date: Tue Aug 12 2003 - 03:00:01 PDT

Next message: Chris Eagle: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"

Previous message: Evans, Arian: "[Full-Disclosure] RE: [Full-Disclosure]Ooops-->was-->what to do"
Next in thread: Chris Eagle: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Reply: Chris Eagle: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Reply: Nick FitzGerald: "Re: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Reply: Wcc: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

The examinations of the code so far indicate that the worm is 
coded to DoS the windowsupdate site from the 15th of August 
onwards through the end of the year.

I haven't seen anything mentioning whether or not the IP is
hardcoded. If not, shouldn't Microsoft just set the forward
resolve to 127.0.0.1 for a period of time?

That will probably save many, many $'s of wasted traffic.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Chris Eagle: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Previous message: Evans, Arian: "[Full-Disclosure] RE: [Full-Disclosure]Ooops-->was-->what to do"
Next in thread: Chris Eagle: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Reply: Chris Eagle: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Reply: Nick FitzGerald: "Re: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Reply: Wcc: "RE: [Full-Disclosure] Windows Dcom Worm planned DDoS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 04:05:50 PDT