Re: [Full-Disclosure] Web counter in the new Swen/Gibe.F worm

From: B.K. DeLong (bkdelong_at_pobox.com)
Date: 09/19/03

  • Next message: KF: "Re: [Full-Disclosure] new ssh exploit?" 
    To: full-disclosure@lists.netsys.com
Date: Thu, 18 Sep 2003 18:09:30 -0400

    At 02:31 PM 9/18/2003 -0400, you wrote:
    >Hi,
    >
    >Joe Stewart of Lurhq.com has made an interesting discovery about the new
    >Swen/Gibe.F worm that started circulating today: When the worm infects
    >a new machine, it hits a Web counter.
    >
    >The URL of the counter is:
    >
    >
    >http://ww2.fce.vutbr.cz/bin/counter.gif/link=bacillus&width=6&set=cnt006
    >
    >If this URL wraps in your email reader, here's a shorter version:
    >
    > http://tinyurl.com/nufo
    >
    >At 2:30 EST, the counter is about 615,000.
    >
    >Here's a bit more about the worm:
    >
    > http://news.com.com/2100-7349_3-5078696.html
    >
    >The server log entries for this counter might prove interesting to virus
    >researchers. These entries could provide data for a statistical study
    >of computer worm transmissions. Perhaps the Vutbr.cz Web site would be
    >willing to go public with this information.

    Is anyone storing sample virii somewhere for analysis? Or do we have to
    wait for it to show? 

    --
B.K. DeLong
bkdelong@pobox.com
+1.617.797.2472
http://ocw.mit.edu                           Work.
http://www.brain-stream.com               Play.
http://www.the-leaky-cauldron.org        Potter.
http://www.city-of-doors.com               Sigil
PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: KF: "Re: [Full-Disclosure] new ssh exploit?"

    Relevant Pages
    • Quantcast