To clarify -- I'm talking about a worm based around the exploit.
For the last few days (maybe its a full week now), we do see SDBot variants that include the RPC DCOM exploit. This has so far explained the increase in rpc scan activity. At this point, I don't think they qualify as a 'worm'. But its close. http://www.dshield.org/port_report.php?port=135&recax=1&tarax=1 On the other hand, SQL Slammer is still a lot more active at this point: http://www.dshield.org/port_report.php?port=1434&recax=1&tarax=1
On Thu, Aug 07, 2003 at 06:34:02AM -0400, Len Rose wrote:
It seems to be true.. I haven't seen any code yet but--
http://lists.netsys.com/pipermail/full-disclosure/2003-August/007717.html
-- -------------------------------------------------------------- Johannes Ullrich jullrich@euclidian.com pgp key: http://johannes.homepc.org/PGPKEYS -------------------------------------------------------------- "We regret to inform you that we do not enable any of the security functions within the routers that we install." support@covad.net --------------------------------------------------------------