Q3 was busy. Blaster, Welchia, Sobig.F all produced substantial scan and mail-attempt volume.
Key observations:
- Port 135 (RPC) scans dominated the inbound. Volume similar to peak Code Red.
- The Blaster/Welchia mix produced confusing patterns; both worms targeted the same vulnerability with different payloads.
- Sobig.F mail volume was the highest mail-borne volume I have ever observed.
More as the year develops.