Re: Linux Users Running Apache - Slapper Worm Spreading Rapidly
From: Richard Steven Hack (richardhack@SPAMHELLNOznet.com)
Date: 09/18/02
From: Richard Steven Hack <richardhack@SPAMHELLNOznet.com>
Date: Tue, 17 Sep 2002 18:01:48 -0700

On Mon, 16 Sep 2002 16:34:28 -0500, "W. B." <civikminded@yahoo.com>
wrote:
>> Here is the CERT advisory. Note: This thing is spreading fast -
>> 0-6000 systems over the weekend, faster than Code Red.
>
>Sorry to be a downer, but this worm is NOT EVEN CLOSE to the infection rates
>of Code Red. On July 19th 2001 ALONE, Code Red attacks were recorded from
>over 250,000+ unique hosts.

Just quoting from F-Secure, who says that within the time span of the
first couple days, Code Red had only infected a "few hundred" systems
whereas this one went from 0-3,500 in a day, doubled over the next day
to 6,000, and has as of Monday evening climbed to almost 14,000. They
do note that eventually Code Red did over 300,000 infections.

I think they were referring to the ORIGINAL Code Red which came out on
July 12, 2001. The SECOND version that you cite did spread to over
300,000 systems within 14 hours.

See the analysis of Code Red here:
http://www.caida.org/analysis/security/code-red/
which includes animations of the spread. At its peak, Code Red
infected 2,000 machines every minute - definitely worse than the
slapper worm.

>I believe that this worm will not reach the infection rates of CR because it
>attacks TCP/443, which even on unpatched systems is many times firewalled.

This seems to be correct. F-Secure hooked a computer into the P2P
network the worm was creating and counted the systems, retrieved the
IP addresses and emailed the sys admins. Currently, the worm is
slowing as the systems are cleaned, and patches applied. The F-Secure
site is currently showing that the number of active hosts in the P2P
network has dropped to under 400.

-- The Master
"Whatever does not kill me makes me stronger" - and YOU have not killed me!