| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Jan 2006 01:08:14 +0200 From: Gadi Evron <ge@...uxbox.org> To: bugtraq@...urityfocus.com Cc: "FunSec \[List\]" <funsec@...uxbox.org>, "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: BlackWorm: 2 million infected? ISP notifications. 2 million hits: The counter is now at 2 million. Check out Sunbelt’s blog on this: http://sunbeltblog.blogspot.com/2006/01/blackworm-worm-over-18-million.html From past experience the 2 million hits probably mean a little over a million users infected. ISP notification: In cooperation with many (US-CERT, FBI, SANS ISC, many in the industry, etc.) and with special thanks to: Dr. Johannes Ullrich (SANS ISC) and Prof. Randal Vaughn (Randy — Baylor.edu), an attempt to contact all the ISP’s who have infected users has been made. A new list of IP’s that hit the (still secret) counter address is being compiled, so we can make another run of ISP notifications. The reporting emails are sent from Baylor.edu and contain a URL to the SANS ISC with a time-limited specially crafted URL for the respective ISP authorities to get their infected users’ information from. I'll update here when possible if there is anything to update. Check out: http://www.lurhq.com/blackworm.html Regular updates at: http://isc.sans.org/blackworm http://blogs.securiteam.com Gadi. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists