[Full-disclosure] No one else seeing the new MS05-039 worm yet?

[Willem Koenings]

Hi!

On 8/30/05, Vic Vandal <vvandal at well.com> wrote:
> This has been going around since early Monday afternoon.  Symantec
> and other AV vendors have had code since then, and no details STILL.
> 
> I guess one can call it the Katrina worm until something better comes along.

Haven't seen the one you mentioning (care to share?), however
the usual stuff like ssl.exe, mousebm.exe, runs.pif, ried.pif,
wintbp.exe etc are still quite active as i found a lot of them in my
honeypot so the attack vector is still high.

W.