Wouldn't it be fun if it contained the WMF exploit in some form?
So, I'm planning on using swatch to monitor DNS requests for the known
affected domains. What is everyone else planning to do?
All the popular domains known we have puched out a global rule to our
customers to block those domains and we are blocking those domains on
the aggregate circuits/routers as a secondary precaution. I plan to
check a few times tomorrow to see if any of those domains that aren't
registered yet actually show up and possibly use netflow also.