From: c2_protect at hotmail.com (Computer Security)
Subject: Mydoom: perfect storm averted or just ahead?

Worms traveling across the Internet are like waves rolling and swelling 
across an ocean.  Just because the first swell does not inundate a 
network, one should not assume invincibility to the next wave in the perfect 
storm.

Reports vary on Mydoom.a-generated traffic: between 1 in 7-12 Emails.  
Although Mydoom.a infested many networks, it apparently bypassed others.  
Sophos (http://www.sophos.com/virusinfo/analyses/w32mydooma.html) reported 
that the initial variant was programmed to bypass certain domains or 
addresses with strings to include the following:

acketst, arin., avp, berkeley, borlan, bsd, example, fido, foo., fsf., gnu, 
google, .gov, gov., hotmail, iana, ibm.com, icrosof, ietf, inpris, isc.o, 
isi.e, kernel, linux, math, .mil, mit.e, mozilla, msn., mydomai, nodomai, 
panda, pgp, rfc-ed, ripe., ruslis, secur, sendmail, sopho, syma, tanford.e, 
unix, usenet, utgers.ed

Experience shows that programmers are quick to “improve” upon initial code, 
modifying and releasing variants (note Sobig and now Mydoom.b - 
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89494,00.html?SKC=news89494).

Lesson learned:

1.  Do not rest on your laurels, assuming your network has good 
defense-in-depth (executables stripped away at Email server, Outlook 
security patch installed).  The next version could be modified with 
conditions right to target your environment and hit you with a perfect storm.

2.  It would be difficult for a malicious programmer, cyber terrorists or 
cyber activists to target a specific environment and protect others (e.g., 
launch denial of service against SCO.com because I like LINUX and don’t like 
SCO legal actions.  Protect my computer at Berkeley.edu because I don’t want 
to affect my own Email.)  Programmers can easily modify code and launch an 
attack against another environment.

Karl Wolfgang
