North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: UDP port 4000 traffic: likely a new worm
- From: Josh Richards
- Date: Sat Mar 20 14:12:16 2004
Confirmed. We had our first customer (colo) hit yesterday evening at
20:43 PST. Additionally, they experienced the hard drive corruption (which
was added to the ISC diary entry within the last several hours). Traffic
was 4000/udp. Initial 90 Mbit/s peak which leveled out at a constant
60 Mbit/s before we took them off-line.
* Johannes B. Ullrich <email@example.com> [20040320 00:44]:
> Looks like there may be a worm going around hitting systems that run
> BlackIce. Common characteristics of the packets: Source port 4000 (but
> random target port) and the string
> "insert witty message here".
> details will be posted here:
> as I get them together.
Josh Richards | Colocation Web Hosting Bandwidth
Digital West Networks | +1 805 781-9378 / www.digitalwest.net
San Luis Obispo, CA | AS14589 & AS29962
firstname.lastname@example.org | DWNI - Making Internet Business Better