lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: DCOM/RPC story (Analogy)

madsaxon <madsaxon@...ecway.com> wrote:

> At 12:19 PM 8/31/03 -0700, Steven Fruchter wrote:
> >That is completely moronic to act as if he did not do anything but just 
> >hex edit the code and change the name for example on the .exe .  He also 
> >like a moron had the infected drones contact his website (which he is 
> >registered to) so that he can see who has been infected to control them. \
> 
> Assuming that he is, in fact, responsible.  If I wanted
> to release a worm and blame someone else for it, the first thing
> I'd do is pick out some basically clueless kiddie who's been
> bragging about his skillz on IRC and set him up exactly like
> this.  Next thing you know, the FBI and virtually everyone on
> the planet is convinced he's guilty, and I get off scot free,
> ready to release my next new and improved worm. Piece o' cake.

Yeah, good plan...

Though, please explain how you would do the remote profiling to be sure 
that the clueless kiddie bragging about his skillz on IRC is the type 
who will confess to precisely the required actions when the FBI comes 
knocking a week or so later?


Regards,

Nick FitzGerald

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux