
SANS ISC: CME-24 aka blackworm update SANS ISC InfoSec Forums

CME-24 aka blackworm update
The number of infected emails has dropped off somewhat,
but we are still getting reports of CME-24 infected emails
being blocked inbound from several sources, so the infection continues.

We are also getting a few reports of data loss due to the malicious payload.

Many people have commented on the high counts of reported CME-24 in Peru and India.
One possible explanation comes from the way the worm updates the counter.
The worm hits its counter every time it starts up, such as when a computer is rebooted.

So countries would have a higher hit count if they had:
Older computers that require frequent rebooting
Dynamic IPs with a high rate of change
Systems that charge by the hour for connections (internet cafes)
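
The effect described above can be shown with a small model. This is an added example, not part of the original diary or any ISC tooling; the two country profiles, the "slot" time window and the assumption that a dynamic host never reuses an address are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    country: str          # label only; all profiles here are constructed
    hosts: int            # ground truth: infected machines
    starts_per_day: int   # worm start-ups per host per day (reboots, cafe sessions)
    dynamic_ip: bool      # True: host gets a fresh address at every start-up

def simulate(profile, days):
    """Return one (country, day, slot, ip) record per counter hit."""
    hits = []
    for day in range(days):
        for slot in range(profile.starts_per_day):
            start_no = day * profile.starts_per_day + slot
            for host in range(profile.hosts):
                # Static hosts keep address index `host`; dynamic hosts are
                # modelled as never reusing an address (worst-case churn).
                ip = host + start_no * profile.hosts if profile.dynamic_ip else host
                hits.append((profile.country, day, slot, ip))
    return hits

def summarise(hits):
    """Per country: raw hits, distinct IPs overall, peak distinct IPs in one slot."""
    raw = defaultdict(int)
    all_ips = defaultdict(set)
    per_slot = defaultdict(set)
    for country, day, slot, ip in hits:
        raw[country] += 1
        all_ips[country].add(ip)
        per_slot[(country, day, slot)].add(ip)
    peak = defaultdict(int)
    for (country, _, _), ips in per_slot.items():
        peak[country] = max(peak[country], len(ips))
    return {c: {"raw_hits": raw[c], "distinct_ips": len(all_ips[c]),
                "peak_slot_ips": peak[c]} for c in raw}

def demo():
    # Constructed profiles: identical infection size, different environments.
    stable = Profile("A", hosts=10, starts_per_day=1, dynamic_ip=False)
    churny = Profile("B", hosts=10, starts_per_day=4, dynamic_ip=True)
    return summarise(simulate(stable, days=5) + simulate(churny, days=5))

if __name__ == "__main__":
    for country, stats in demo().items():
        print(country, stats)
```

Both profiles have ten infected machines, yet B shows four times the raw hits and twenty times the distinct addresses of A; only the count of distinct addresses within a single short window matches the real number in both cases.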

Feb 4th 2006
