CRIME new mydoom variant - attack vector?

From: Mark Morrissey (morrisse@private)
Date: Thu Aug 05 2004 - 08:21:11 PDT


Hi y'all. Yes, I've moved from PSU but will continue as an adjunct
instructor and also will continue to own the crime mail list.

The new mydoom variant is making the rounds. Lots of people have
figured out signatures for NIDS and also for detection on the infected
machine (presently limited to win2k and xp). Does anyone know what the
propagation mechanism is once the machine is infected? We are trying to
determine the propagation mechanism to ensure that we are not hit by
this and caught unawares.

None of the usual suspects has posted any information on this aspect
yet.

Any of you Symantec people have an idea?

--mark


----
Mark Morrissey                               morrisse@private
Manager, Security Engineering      OHSU ITG/TeMD
Desk: 503-494-8480                      Fax: 503-494-4626
Cell: 971-244-2726



This archive was generated by hypermail 2.1.3 : Thu Aug 05 2004 - 08:56:15 PDT