Hey all, Well we have suffered through yet another worm attack and the Internet still seems to be humming along. Granted this worm was more aggressive and better written than other win32 based worms we have seen, it is none the less more or less a non-issue now. We will see it continue it's activity for quite some time in the future, in fact if ARIS is any indication it does not seem to be abating just yet. However, the conversation around it is going to stop here. If you have something new and previously not discussed here I will post it through, otherwise though let's move on and wait for the next worm to come our way. I suspect we will not have to wait too terribly long. In terms of the ARIS notification program we set up, we are stopping it now. We recieved logs for well over 200,000 infected hosts and notified as such. However, at this point we seem to running into alot of overlap and admins do not need us sending them mail if they have already recieved it. To further complicate the situation about 50% of the hosts we notified against for this version of the worm had already recieved a notification for the last worm. Meaning they were infected, and two notifications later are still infected. You can still notify if you are an ARIS Analyzer user, but our mail in program to aris-reportat_private is now done, for now. Thankyou *very much* for the thousands of people who sent in logs, your help is deeply appreciated here. I wish I could name you all but this message would be 200 pages long if I did. Your contributions are appreciated. Cheers, -al VP Engineering SecurityFocus.com "Vae Victis" ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 09:32:28 PDT