[Full-disclosure] new worm traveling the net? (GNU/Linux)
Timo Schoeler
timo.schoeler at riscworks.net
Mon Feb 19 21:03:21 GMT 2007
ahoy,
a friend of mine contacted me because he saw lots of emails (60) to
catchthismail at domain.tld starting at about 5:00 am (US east coast
time).
so i checked our company's log files (about 300 users) and saw the same
here starting at about 10:45am CET, ending at about 6pm, and about 40
emails of this in total.
there was not pattern except the <catchthismail at domain.tld> To: header;
interestingly, scanning a few of those hosts immediately (dynamic
assigned IP addresses) showed that it was GNU/Linux hosts.
is this a new worm spreading or something already known?
wbr,
timo
--
"Or what? You'll release the dogs? Or the bees? Or the dogs with bees
in their mouths, and when they bark they shot bees at you?" (Homer J.
Simpson)
Full-Disclosure is hosted and sponsored by Secunia.