October 2002 Opaserv worm

About September 27th a new network-aware worm started spreading on the Internet. It uses the NetBios service on Windows machines to spread directly (not using email). Unpatched systems with writable network shares are vulnerable, whether password-protected or not.

Around the same time the Bugbear/Tanatos virus started spreading rapidly, causing some confusion (to me, at least)

Virus analysis:

Logarithmic plot of port 80,137,139 Bezier smoothed plus datapoints
Andrew Daviel, TRIUMF