Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2004-06-17 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Announcing ISCAlert - Email Worms Bog Down ISPs

Published: 2004-06-17
Last Updated: 2004-06-18 12:32:37 UTC
by Dan Goldberg (Version: 1)
0 comment(s)
Announcing ISCAlert

Tom Liston, Internet Storm Center handler, and author of LaBrea ( http://labrea.sourceforge.net/ ) has just released ISCAlert. Per Tom, "ISCAlert is a small program that monitors the SANS Institute?s Internet Storm Center (ISC) and displays an icon in the system-tray indicating the current ?Infocon? level. The ISC?s Infocon status is used to reflect changes in malicious traffic and the possibility of disrupted connectivity on the Internet. Information on the meanings of the various Infocon levels can be found at http://isc.incidents.org/infocon.php ."

ISCAlert is available for Microsoft Windows platforms here: http://www.labreatechnologies.com/ISCAlert.zip

(Note: the MD5 sum of the file "ISCAlert.exe" is 0081f58c7887d29891e7cea5ef8034f8)

Email Worms Bog Down ISPs

The ISC has received reports of several major ISPs suffering delays in the delivery of email due to a recent surge in worm activity. The specific worms referenced are Sober.H/Ascetic.A and Erkez/Zafi.B. You may remember Sober.H as being the source of large amounts of German-language political spam ( as reported here: http://isc.incidents.org/diary.php?date=2004-06-11 ). The volume of email created by these two worms beginning late last week slowed many mail servers to a crawl, creating a backlog of undelivered (but not undeliverable) mail. As the tide of email created by these two worms begins to recede, queued mail should be delivered and delivery times should return to normal.

-------------------

Cory Altheide, stunt-double for Dan Goldberg

Handler on Duty
Keywords:
0 comment(s)
Diary Archives