lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0207151338550.16133-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: w32.frethem.k@mm and good reading

On Mon, 15 Jul 2002, Mark J. Walborn wrote:

> Has anyone encountered the above mentioned worm? Several anti-viral software
> companies have posted updates as of midnight..
>

Trend Micro released this announcement on it recently:

<quote>
This non-destructive, memory-resident variant of WORM_FRETHEM.D propagates
via email. It arrives as an attachment with the following details:

Subject: Re: Your password!

Message Body: You can access very important information by this password
DO NOT SAVE password to disk use your mind
now presscancel

Attachment: DECRYPT-PASSWORD.EXE
PASSWORD.TXT

On systems with unpatched Internet Explorer, the file attachments
automatically
execute when this email message is previewed or opened in Microsoft
Outlook and
Outlook Express.

WORM_FRETHEM.K is detected by pattern file #317.

For more information on WORM_FRETHEM.K please visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.K
</quote>

> Also, I found the following article of interest.
>
> By Robin Miller, NewsForge.com
> >    Posted: 06/06/2002 at 12:10 GMT

	[article SNIPPED]

They article in question discusses security through obscurity, which is
not viewed as sound by most folks in the security arena.  If the skript
kiddies looked hard enough they surely could find older sploits for such
systems, if they took the time to attempt to identify the underlying Os to
any degree, and surely better crackers will take that time.  Of course
there is this bit on the issue recently:

<quote>

How often hackers attack, and what they're after.  Attack activity against
corporate networks went up significantly in the first half of 2002 when
compared with the second half of 2001, but the good news is that the
incidence of highly sophisticated attacks was low between January and June
this year.  Despite the increased activity, the number of attacks that are
considered highly aggressive or sophisticated was less than 1 percent.
When highly aggressive attacks occur, they are more than 26 times more
likely to have severe effects than attacks that are classified as
moderately aggressive, so even the small percentage of such attacks
remains cause for concern. (Internet Week, 11 Jul)

</quote>

Which begs the question, are more sophisticated attacks really reduced, or
are more of them actually going undetected?

Thanks,


Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ