Message-ID: <3F3A2351.5947.4FA1D2FE@localhost>
Date: Wed, 13 Aug 2003 11:38:57 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Windows Dcom Worm planned DDoS
Sebastian Niehaus <killedbythoughts@...dcrime.net> to me:
> > And, of course, if MS started messing with the DNS entries for
> > windowsupdate.com, it would be cutting an awful lot of users off from
> > much needed updates, which could be as disturbing as the rest of the
> > worm's effects...
>
> Could be a nice feature of a worm to modify the "hosts" file and
> prevent infected machines from doing DNS lookups.
>
> Users typing "www.microsoft.com" into their browsers could be tricked
> into downloading stuff from hostile servers and the "windows update"
> could be disabled easily.
>
> This probably isn't a new concept, eh?
Correct about messing with the hosts file -- has been used by various
adware, spyware and browser hijackers for various purposes and
occasionally by other malware to, for example, block access to AV
and/or other security sites (pointing www.<company>.com to 127.0.0.1
for example). Offhand I don't recall it being used specifically to
target Windows Update or other MS sites with the intention of causing
the user to unwittingly d/l something malicious (in general, if a piece
of malware has this level of access to the victim's machine it probably
can do much, if not all, it needs without engaging in network address
subterfuges...).
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
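A defensive check for the hosts-file tampering described above, added here as an example and not part of the original message or of any product: it parses a hosts file and flags watched update/security domains that are mapped to loopback (sinkholed) or to any other address (redirected). The sample hosts text and the watch-list are constructed for illustration; a deployment would substitute its own vendor and update domains.

```python
"""Flag hosts-file entries that sinkhole or redirect update/security domains."""
import ipaddress

# Constructed sample hosts file imitating the tampering discussed in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       windowsupdate.com      # update site pointed at loopback
127.0.0.1       www.example-av.com     # AV vendor site pointed at loopback
10.0.0.5        www.microsoft.com      # vendor site sent to an unrelated host
::1             localhost
"""

# Hypothetical watch-list; a deployment would use its own vendor/update domains.
WATCHED_SUFFIXES = ("windowsupdate.com", "microsoft.com", "example-av.com")

# Names that legitimately map to loopback in a stock hosts file.
LOOPBACK_OK = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field; not a resolvable entry
        for name in fields[1:]:
            yield addr, name.lower()


def find_hijacks(text, watched=WATCHED_SUFFIXES):
    """Return (hostname, ip, reason) for watched domains present in the file.

    A hosts file has no legitimate reason to carry these names at all, so
    loopback/unspecified targets are reported as 'sinkhole' and any other
    target as 'redirect' (the more dangerous case: traffic goes elsewhere)."""
    findings = []
    for addr, name in parse_hosts(text):
        if name in LOOPBACK_OK and addr.is_loopback:
            continue
        if any(name == s or name.endswith("." + s) for s in watched):
            kind = "sinkhole" if addr.is_loopback or addr.is_unspecified else "redirect"
            findings.append((name, str(addr), kind))
    return findings
```

On a live system, read the platform's hosts file (for example `%SystemRoot%\system32\drivers\etc\hosts` on Windows) and pass its contents to `find_hijacks`.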
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html