Blackworm numbers
Martin Hannigan
hannigan at world.std.com
Thu Jan 26 00:26:05 UTC 2006
> Well, let's hope we can watch the Super Bowl in peace -- I'm
> turning my pager & cell phone off anyways. :-)
I'm going for Steelers. You? I've got a couple of fresh
Maine Lobsters and Union Oyster House chowdah to put up
if you're interested in a wager.
[ Removed my name from the subject. I like it in lights, but
I've had enough for today! :-) ]
> In any event, as Alex Eckelberry writes over on the Sunbelt
> Software blog, "...we're now seeing infestations for the
> Blackworm worm (aka KamaSutra) getting close to 2 million.
>
> "Yesterday it was at close to 700k.
>
> "Of course, it's possible that this URL has gotten out to
> the public, which would increase the count (simply hitting
> the website increments the count by one). However, to my
> knowledge, this URL is only known in the security community.
The URL is out all over the place.
> "Remember that this worm has a very destructive payload. Even
> if you discount the number here, you're still looking at a
> significant number of people who will suffer potentially
> devastating data loss."
>
> I couldn't agree more.
People without A/V? How sad can you feel? I don't want anyone
to lose data, but I bet a bunch of people buy A/V as a result.
That's good.
Check out this story where it was downplayed:
http://www.eweek.com/article2/0,1895,1915070,00.asp
> > http://isc.sans.org/blackworm
> > Further, our reports lead to SANS ISC temporary URLs for each AS.
http://isc.sans.org/diary.php?storyid=1073 - but really, do you
consider this to be a huge issue that we should prepare to be on
call over?
SANS, http://isc.sans.org/infocon.php and Symantec, http://www.symantec.com/index.htm , are both at their normal threat levels.
The point I was trying to make before the thread went, East?, was
that there is a perceived problem in the security community with
appropriate response. I'd tell you how I think that could have
been avoided, but then my name would go up in the subject again.
*cough full disclosure*
Off the top of my head I think the security trust landscape
today looks like this. I base this on participation, people
I know participating, comments I hear at the NANOG water bubbler,
etc. and they are nothing but personal opinions.
SANS - Trusted, good reputation growing
NSP-SEC - neutral since it's a collective of people+groups
skitter15 - untrusted, but trusted when info leaks. (too long to explain)
PSIRT - trusted, borderline.
US-CERT - trusted for NA matters, w/other certs
UK-CERT - trusted for EU matters, w/other certs
IL-CERT - no comment
DA - untrusted
TISF - untrusted, new, etc.
CERTs at large - Neutral, has to be case by case
Carrier Security Groups - Trusted for matters of their own
MSS - Neutral
AV - Trusted
Software Vendors - Neutral
Hardware Vendors - Untrusted, case by case
Force 10 - Trusted
Juniper - Trusted
Cisco - Neutral, case by case
Team-Cymru - Trusted case by case
SecuriTeam - Untrusted, untested
This isn't a popularity contest, so I'll leave individuals
off of my list, but you can probably guess who in most cases
including using some of the notes above.
-M<