Open Source and information security mailing list archives
From: c2_protect at hotmail.com (Computer Security)
Subject: Mydoom: perfect storm averted or just ahead?

Worms traveling across the Internet are like waves rolling and swelling across an ocean. Just because the first swell does not inundate a network, one should not assume invincibility to the next wave in the perfect storm.

Reports vary on Mydoom.a-generated traffic: between 1 in 7-12 Emails. Although Mydoom.a infested many networks, it apparently bypassed others. Sophos (http://www.sophos.com/virusinfo/analyses/w32mydooma.html) reported that the initial variant was programmed to bypass certain domains or addresses with strings to include the following:

acketst, arin., avp, berkeley, borlan, bsd, example, fido, foo., fsf., gnu, google, .gov, gov., hotmail, iana, ibm.com, icrosof, ietf, inpris, isc.o, isi.e, kernel, linux, math, .mil, mit.e, mozilla, msn., mydomai, nodomai, panda, pgp, rfc-ed, ripe., ruslis, secur, sendmail, sopho, syma, tanford.e, unix, usenet, utgers.ed

Experience shows that programmers are quick to “improve” upon initial code, modifying and releasing variants (note Sobig and now Mydoom.b - http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89494,00.html?SKC=news89494).

Lessons learned:

1. Do not rest on your laurels, assuming your network has good defense-in-depth (executables stripped away at Email server, Outlook security patch installed). The next version could be modified with conditions right to target your environment and hit you with a perfect storm.

2. It would be difficult for a malicious programmer, cyber terrorists or cyber activists to target a specific environment and protect others (e.g., launch denial of service against SCO.com because I like LINUX and don’t like SCO legal actions. Protect my computer at Berkeley.edu because I don’t want to affect my own Email.) Programmers can easily modify code and launch an attack against another environment.

Karl Wolfgang
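
Added example, not part of the original message or of the Sophos analysis: a defender's check of whether an organization's addresses would have been passed over by the skip strings quoted above, so that a quiet mail gateway is not mistaken for effective defense-in-depth. It assumes a plain case-insensitive substring match over the whole address (the worm's exact matching rules are not given in the message), and the sample addresses are constructed.

```python
# Skip strings exactly as quoted in the message above.
SKIP_STRINGS = [
    "acketst", "arin.", "avp", "berkeley", "borlan", "bsd", "example",
    "fido", "foo.", "fsf.", "gnu", "google", ".gov", "gov.", "hotmail",
    "iana", "ibm.com", "icrosof", "ietf", "inpris", "isc.o", "isi.e",
    "kernel", "linux", "math", ".mil", "mit.e", "mozilla", "msn.",
    "mydomai", "nodomai", "panda", "pgp", "rfc-ed", "ripe.", "ruslis",
    "secur", "sendmail", "sopho", "syma", "tanford.e", "unix", "usenet",
    "utgers.ed",
]


def skip_matches(address):
    """Return every skip string found in the address.

    Assumption: case-insensitive substring match anywhere in the address.
    """
    lowered = address.lower()
    return [s for s in SKIP_STRINGS if s in lowered]


def exposure_report(addresses):
    """Split addresses into those the list would skip and those it would not."""
    skipped, exposed = {}, []
    for address in addresses:
        hits = skip_matches(address)
        if hits:
            skipped[address] = hits
        else:
            exposed.append(address)
    return skipped, exposed


# Constructed sample addresses (reserved .test domains, one made-up .gov name).
SAMPLE_ADDRESSES = [
    "alice@widgets.test", "noc@netsecurity.test", "dave@mathlab.test",
    "erin@agency.gov", "unixadmin@factory.test", "frank@retailer.test",
]

if __name__ == "__main__":
    skipped, exposed = exposure_report(SAMPLE_ADDRESSES)
    for address, hits in skipped.items():
        print(f"skipped by list  {address:26} matched {hits}")
    for address in exposed:
        print(f"not on the list  {address}")
    print(f"{len(exposed)} of {len(SAMPLE_ADDRESSES)} addresses relied on real defenses")
```

Addresses that land in the skipped group say nothing about how the gateway or desktop controls would have held up, which is the point of lesson 1 above.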