I received an email this morning from a concerned gentleman detailing a new Sub7 worm that was being released on IRC. It was in response to the Mcveigh execution and was being distributed on the EFNet IRC network in channel #mcveigh. An account on one of my machines was oped in the channel at the time and as a result I received the report. I will forward the email on to the list following this post. -Adam -- Adam Stanley CTO / VP Nethosters, Inc. On 12 Jun 2001 08:42:58 -0500, Obert, Jack E. wrote: > Since February, I've been receiving tcp port scans for the default sub7 port > (27374) at a rate of approximately 3-4 per day. Starting on June 8th to > present, I've been receiving them at 9 times that rate. > > 6/5/01 - 3 Scans > 6/6/01 - 4 Scans > 6/7/01 - 3 Scans > 6/8/01 - 8 Scans > 6/9/01 - 14 Scans > 6/10/01 - 38 Scans > 6/11/01 - 22 Scans > > Any ideas on what could have sparked this increased scanning? A new > utility? A new vulnerability related to sub7? New media publicity? > > Thanks > > Jack E. Obert, GSEC > Technical Information Security Officer > St. John's Health System
This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 09:38:16 PDT