Date: Mon, 30 Jan 2006 22:00:43 +0200
From: Gadi Evron <ge@linuxbox.org.>
To: bugtraq@securityfocus.com
Subject: CME-24 (BlackWorm) Users' FAQ
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeded SMTP AUTH authentication, not delayed by milter-greylist-1.7.5 (linuxbox.org [24.155.83.21]); Mon, 30 Jan 2006 14:01:52 -0600 (CST)
X-Virus-Scanned: antivirus-gw at tyumen.ru
This FAQ was authored by members of the TISF BlackWorm task force
(specifically the MWP / DA groups and the SANS ISC handlers).
The purpose is both to provide with a resource for concerned users and
network administrators, as well as to be a level-headed myth-free source
on the subject.
There seems to be excessive media hype as well as some
"end-of-the-world" type predictions. The end of the world is not coming
and most of us will still be here after February 3rd, but this is a
serious issue for those who *are* infected and we didn't manage to get to.
The FAQ can be found at:
http://isc.sans.org/blackworm
http://blogs.securiteam.org
--
"300,000 infected users worldwide is not a terribly large amount when
compared to previous worms like Sober or Mydoom. However, with this worm
it isn't the quantity of infected users, it is the destructive payload
which is most concerning."
-- Joe Stewart, LURHQ (http://www.lurhq.com/blackworm-stats.html)
Gadi.
