| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Windows Dcom Worm planned DDoS Sebastian Niehaus <killedbythoughts@...dcrime.net> to me: > > And, of course, if MS started messing with the DNS entries for > > windowsupdate.com, it would be cutting an awful lot of users off from > > much needed updates. which could be as disturbing as the rest of the > > worm's effects... > > Could be a nice feature of a worm to modify the "hosts" file and > prevent infected maschines to do DNS lookups. > > Users typing "www.microsoft.com" into their browsers could be tricked > into downloading stuff from hostile servers and the "windows update" > could be disabeled easily. > > This probably istn't a new concept, eh? Correct about messing with the hosts file -- has been used by various adware, spyware and browser hijackers for various purposes and occasionally by other malware to, for example, block access to AV and/or other security sites (pointing www.<company>.com to 127.0.0.1 for example). Offhand I don't recall it being used specifically to target Windows Update or other MS sites with the intention of causing the user to unwittingly d/l something malicious (in general, if a piece of malware has this level of access to the victim's machine it probably can do much, if not all, it needs without engaging in network address subterfuges...). -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists