Florian Weimer <[EMAIL PROTECTED]> replied to "Larry Roberts":
> > The funnier thing would be if this was the guy tried to make the > > variant that takes over your machine via the DCOM exploit and goes > > out the windowsupdate.com and downloads the fix. That would be > > hilarious!!! > > This worm (which isn't a variant of the original one) ... Correct -- the more clueful AV vendors were immediately aware of that and thus gave it a new family name (pity they weren't clueful enough to talk amongst each other and all settle on the _same_ new family name). Thus the "try to install the DCOM RPC patch" worm is mainly known as Nachi, Welchia and Welchi. That has nothing to do with Blaster.B (or LovSan.B or MSBlast.B or Poza.B or whatever other name your favourite AV calls what the media seems to have settled on as "Blaster"). > ... is causing most > of the damage. Punishing the author would only be fair. Yep. And the hoary old chestnut "I didn't realize it would spread so far, so fast or cause any damage" defense is bound to get another airing despite its fundamental stupidity... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
