| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: irc.trojan.fgt - new variant.
> Yes but like you said it uses an angelfire page, If you take
> it down the virus is stopped If it gets too succesfull
> bandwidth limits are exceeded. So it will never widely spread
> that way If someone where to include a webserver in the worm
> there's no single point of failure
Exactly why:
A. This trojan is dead now.
B. The author kept releaseing clones/varaiants with different URL's.
It condusted massive spamming for itself, then died. Same thing with the
next variant.
As I wrote in my email, this trojan horse's success was propelled by the
author releasing _new_ clones "all the time" from different URL's. It
was never built to last. It was build to destroy.
As to never widely spreading... It did. :/
But your points are valid for the regular "things" we see out there.
Gadi Evron (i.e. ge),
ge@...uxbox.org.
--------
gevron@...vision.net.il -
PGP Key: 2048/2048 (Size) 0x2D3D6741 (ID).
Fingerprint: 0EB3 00BC 974B 3C2B 336D 6486 ECA5 2D0D 2D3D 6741.
The Trojan Horses Research mailing list - http://ecompute.org/th-list
My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf
Powered by blists - more mailing lists