"Sekurity Wizard" <s.wizardat_private> wrote: > Thought I'd do some research into this little hypothesis we've all been > seeing, what will happen on the 16th!? Well, I've set up a named server > (logging ALL queries into it) and an infected Win2k box (ran msblast.exe > on it) into the same hub...and then set the date to the 16th......much to > my surprise, NOTHING happened. Literally, nothing. No scanning for port > 135, no DNS storms, no DDoS packets - nothing...what did I do wrong > or...what does this mean? Did you restart the "infected" box after changing the date? Is the "infected" box actually properly infected? Is the "infected" box configured such that the InternetGetConnectedState API will return true? (If not, almost the first thing the worm will do is fall into a tight loop checking InternetGetConnectedState, sleeping for 20 seconds, rechecking...) -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Aug 13 2003 - 19:53:29 PDT