Infected systems begin the attack when their system clocks reach 16 August, and continue until December 31. From January through July, infected systems will only conduct the DDoS attack from the 15th through the end of each month Nathan -----Original Message----- From: Steve Withers [mailto:swithers(a)mmp.org.nz] Sent: Saturday, 16 August 2003 12:52 a.m. To: NZ NOG Subject: Re: [nznog] blaster worm On Fri, 2003-08-15 at 23:22, Malcolm Lockyer wrote:
Should be a more interesting 24 hours then eh? :-|
It's supposed to start on the 16th.....do we know for sure if it is set
to stop on the 17th?
Or will it keep going until the PCs concerned are disconnected from the
network?
--
Steve Withers
windowsupdate.com has been pulled my MS. See http://slashdot.org/article.pl?sid=03/08/15/1730200&mode=thread&tid=109&tid=126&tid=172&tid=187 I believe they've shifted to windowsupdate.microsoft.com Amazing what a little bit of code can do. -- Kerry Thompson, CISSP IT Security Consultant Auckland, New Zealand http://www.crypt.gen.nz On Sat, 2003-08-16 at 00:55, Nathan Mercer wrote:
Infected systems begin the attack when their system clocks reach 16 August, and continue until December 31. From January through July, infected systems will only conduct the DDoS attack from the 15th through the end of each month
Nathan
-----Original Message----- From: Steve Withers [mailto:swithers(a)mmp.org.nz] Sent: Saturday, 16 August 2003 12:52 a.m. To: NZ NOG Subject: Re: [nznog] blaster worm
On Fri, 2003-08-15 at 23:22, Malcolm Lockyer wrote:
Should be a more interesting 24 hours then eh? :-|
It's supposed to start on the 16th.....do we know for sure if it is set to stop on the 17th?
Or will it keep going until the PCs concerned are disconnected from the network?
The first I ever became aware of windowsupdate.com was when this damn worm came out. Everyone's talking about windowsupdate.microsoft.com like it's news, but that's the site I've been using for as long as I've been admin'ing Windows. On Sat, 16 Aug 2003, Kerry Thompson wrote:
windowsupdate.com has been pulled my MS. See
http://slashdot.org/article.pl?sid=03/08/15/1730200&mode=thread&tid=109&tid=126&tid=172&tid=187
I believe they've shifted to windowsupdate.microsoft.com
Amazing what a little bit of code can do.
The first I ever became aware of windowsupdate.com was when this damn worm came out. Everyone's talking about windowsupdate.microsoft.com like it's news, but that's the site I've been using for as long as I've been admin'ing Windows.
You've been admin'ing windows?
And I thought you had learned something in your tenure as my sidekick :/
--
James Tyson
windowsupdate.microsoft.com has been the default since windows 98 if i
recall. Get onto a windows 98 machine and click 'start' then 'windows
update', you will notice it connects to windowsupdate.microsoft.com , so
nothing is new. windowsupdate.com was just a 'portal' to the true update
site.
*sigh*
Barry
----- Original Message -----
From: "Matthew Poole"
The first I ever became aware of windowsupdate.com was when this damn worm came out. Everyone's talking about windowsupdate.microsoft.com like it's news, but that's the site I've been using for as long as I've been admin'ing Windows.
On Sat, 16 Aug 2003, Kerry Thompson wrote:
windowsupdate.com has been pulled my MS. See
http://slashdot.org/article.pl?sid=03/08/15/1730200&mode=thread&tid=109&tid= 126&tid=172&tid=187
I believe they've shifted to windowsupdate.microsoft.com
Amazing what a little bit of code can do.
_______________________________________________ Nznog mailing list Nznog(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
windowsupdate.com has been pulled my MS. See http://slashdot.org/article.pl?sid=03/08/15/1730200&mode=thread&tid=109&tid=126&tid=172&tid=187 I believe they've shifted to windowsupdate.microsoft.com Amazing what a little bit of code can do. -- Kerry Thompson, CISSP IT Security Consultant Auckland, New Zealand http://www.crypt.gen.nz On Sat, 2003-08-16 at 00:55, Nathan Mercer wrote:
Infected systems begin the attack when their system clocks reach 16 August, and continue until December 31. From January through July, infected systems will only conduct the DDoS attack from the 15th through the end of each month
Nathan
-----Original Message----- From: Steve Withers [mailto:swithers(a)mmp.org.nz] Sent: Saturday, 16 August 2003 12:52 a.m. To: NZ NOG Subject: Re: [nznog] blaster worm
On Fri, 2003-08-15 at 23:22, Malcolm Lockyer wrote:
Should be a more interesting 24 hours then eh? :-|
It's supposed to start on the 16th.....do we know for sure if it is set to stop on the 17th?
Or will it keep going until the PCs concerned are disconnected from the network?
windowsupdate.com has been pulled my MS. See
http://slashdot.org/article.pl?sid=03/08/15/1730200&mode=thread&tid=109&tid=126&tid=172&tid=187
I believe they've shifted to windowsupdate.microsoft.com
I wouldn't say they've "shifted" to windowsupdate.microsoft.com. As far as I'm aware, thats always been the actual URL of windows update pretty much since day one. I've been using windowsupdate.microsoft.com as the URL for years now.... Maybe they had a redirection page at windowsupdate.com or just mirrored that URL as well. If the worm really targets windowsupdate.com and not windowsupdate.microsoft.com then the worm author isn't as smart as they'd like to think they are :) (big surprise there huh....) Regards, Simon
participants (7)
-
Barry Murphy -
James Tyson -
Kerry Thompson -
Kerry Thompson -
Matthew Poole -
Nathan Mercer -
Simon Byrnand