Hi Jonathan, > Is anyone seeing anything new out there, or is this just a > resurgence of Welchia?
Not likely a new RPC DCOM worm. We will certainly know when it hits the Net. If you look at the amount of source adresses you will notice that the numbers are actually going down. The increase in trafic on port 135 could be because PoC code has been released and script kiddies are testing to see how many systems they can compromise. Med venlig hilsen // Kind regards Peter Kruse Kruse Security http://www.krusesecurity.dk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
