If it exploits the same vulnerability, won't it be LESS effective since many people have been hit and thus patched their systems? Wouldn't an effective blaster variant find a different loophole? -----Original Message----- From: Jay Woody [mailto:jay_woodyat_private] Sent: Thursday, August 14, 2003 10:12 AM To: listat_private; full-disclosureat_private; david.vincentat_private; incidentsat_private Subject: [Full-Disclosure] Re: new msblaster on the loose? Guys, not to be weird, but wtf does this mean? >> And it says that's likely to mean a repeat of the outbreak we've seen during >> this week. The new variety of Lovesan exploits the same vulnerability. >> >> Kaspersky says that the number of infected systems is around the 300,000 >> mark, and the new variety may double this number. >> >> "In the worst case, the world community can face a global Internet slow down >> and regional disruption... to the World Wide Web," said Eugene Kaspersky, >> head of the labs. If people got hit and they patched, then how will this be a repeat? How will the numbers DOUBLE?! "In the worst case . . . "? No, in the worst case, New Kids on the Block could start a reunion tour. Give me a break, the first one hit, surely a bunch of people patched (even some of the people that didn't beforehand are surely smart enough to realize the error of their way now right?!). So any future infection is bound to be less unless it has figured out a different way to exploit it (in which case it really isn't the same worm is it?) or figures out a way to scan IP addresses that the first one didn't. I don't see anything saying that this worm is any different than the first one in those cases, so sounds like FUD to me. JayW >>> David Vincent <david.vincentat_private> 08/13/03 12:23PM >>> anyone else seeing this? --------------- http://www.theinquirer.net/?article=11018 New version of Blaster worm on the loose Already By INQUIRER staff: Wednesday 13 August 2003, 16:51 KASPERSKY LABS claimed this afternoon that there's already a new version of the Blaster/Lovesan worm on the loose. And it says that's likely to mean a repeat of the outbreak we've seen during this week. The new variety of Lovesan exploits the same vulnerability. Kaspersky says that the number of infected systems is around the 300,000 mark, and the new variety may double this number. "In the worst case, the world community can face a global Internet slow down and regional disruption... to the World Wide Web," said Eugene Kaspersky, head of the labs. The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different code compression, and different signatures in the body of the worm. µ --------------- David Vincent CNA/MCSE Network Administrator www.mightyOaks.com david.vincentat_private MIGHTY OAKS WIRELESS SOLUTIONS INC. 209-3347 Oak Street Victoria, B.C. Canada V8X 1R2 Phone: 250.386.9398 Fax: 250.386.9399 Pager: 250.380.4575 Cell: 250.884.3000 --------------------------------------------------------------------------- ---------------------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 09:43:06 PDT