Well, let's hope we can watch the Super Bowl in peace -- I'm turning my pager & cell phone off anyways. :-)
I'm going for Steelers. You? I've got a couple of fresh Maine Lobsters and Union Oyster House chowdah to put up if you're interested in a wager. [ Removed my name from the subject. I like it in lights, but I've had enough for today! :-) ]
In any event, as Alex Eckelberry writes over on the Sunbelt Software blog, "...were now seeing infestations for the Blackworm worm (aka KamaSutra) getting close to 2 million.
"Yesterday it was at close to 700k.
"Of course, its possible that this URL has gotten out to the public, which would increase the count (simply hitting the website increments the count by one). However, to my knowledge, this URL is only known in the security community.
The URL is out all over the place.
"Remember that this worm has a very destructive payload. Even if you discount the number here, youre still looking at a significant number of people who will suffer potentially devastating data loss."
I couldn't agree more.
People without A/V? How sad can you feel? I don't want anyone to lose data, but I bet a bunch of people by A/V as a result. That's good. Check out this story where it was downplayed: http://www.eweek.com/article2/0,1895,1915070,00.asp
http://isc.sans.org/blackworm Further, our reports lead to a SANS ISC temporary URL's for each AS.
http://isc.sans.org/diary.php?storyid=1073 - but really, do you consider this to be a huge issue that we should prepare to be on call over? Sans, http://isc.sans.org/infocon.php and Symantec, http://www.symantec.com/index.htm , are both at their normal threat levels. The point I was trying to make before the thread went, East?, was that there is a perceived problem in the security community with approrpriate response. I'd tell you how I think that could have been avoided, but then my name would go up in the subject again. *cough full disclosure* Off the top of my head I think the security trust landscape today looks like this. I base this on participation, people I know participating, comments I hear at the NANOG water bubbler, etc. and they are nothing but personal opinions. SANS - Trusted, good reputation growing NSP-SEC - nuetral since it's a collective of people+groups skitter15 - untrusted, but trusted when info leaks. (too long to explain) PSIRT - trusted, borderline. US-CERT - trusted for NA matters, w/other certs UK-CERT - trusted for EU matters, w/other certs IL-CERT - no comment DA - untrusted TISF - untrusted, new, etc. CERTs at large - Nuetral, has to be case by case Carrier Security Groups - Trusted for matters of their own MSS - Neutral AV - Trusted Software Vendors - Neutral Hardware Vendors - Untrusted, case by case Force 10 - Trusted Juniper - Trusted Cisco - Nuetral, case by case Team-Cymru - Trusted case by case SecuriTeam - Untrusted, untested This isn't a popularity contest, so I'll leave individuals off of my list, but you can probably guess who in most cases including using some of the notes above. -M<