lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000001c2c4da$5d813a60$0201a8c0@bedroom>
From: ratman6 at earthlink.net (Matt Smith)
Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Guys,
    This puppy is FAR from harmless and I mean far, This SOB is gonna
wind up worse than Code Red, Nimda, or even the great worm of '88.  I
doubt very much the Morris Worm downed ENTIRE COUNTRIES, as Sapphire did
to South Korea today.  Cyberterrorism has been spoken of for years.
Well, guess what boys and girls, it's here, right now. :(.  Curious this
thing started up on a Friday night isn't it??? All the sysadmins are
gone for the weekend and thus could not respond it a timely fashion to
this latest security threat.  This one is not gonna cleaned up for
awhile.  I think this thing was written as a weapon of terrorism and it
is doing its job.  Much to the chagrin of the people like me who now
have to deal with the backlash this thing is causing :(.

Microsoft:

Why do you put out such bad software?

Sysadmins of unpatched boxes:

PATCH YOUR STUFF NOW!!!!!!!

Matt Smith - ISO http://www.fabulous5iveinternational.com


-----Original Message-----
From: Richard M. Smith [mailto:rms@...puterbytesman.com] 
Sent: Saturday, January 25, 2003 6:11 PM
To: jasonc@...ence.org; 'Jay D. Dyson'; 'Bugtraq'; 'Full-Disclosure'
Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

However, this worm might not be so harmless as it appears because of
collateral damage:

   Bank of America ATMs Disrupted by Virus
 
http://story.news.yahoo.com/news?tmpl=story&ncid=578&e=3&cid=569&u=/nm/2
0030125/tc_nm/tech_virus_dc

   "SEATTLE (Reuters) - Bank of America Corp. said on 
   Saturday that customers at a majority of its 13,000 
   automatic teller machines were unable to process 
   customer transactions after a malicious computer worm 
   nearly froze Internet traffic worldwide."

Richard M. Smith
http://www.ComputerBytesMan.com

-----Original Message-----
From: Jason Coombs [mailto:jasonc@...ence.org] 
Sent: Saturday, January 25, 2003 4:41 PM
To: Jay D. Dyson; Bugtraq
Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!


Jay Dyson wrote:
>	And to think...up until tonight, I thought the vulnerabilities
> that paved the way for Nimda were the worst that Microsoft could do
> to the net.community.  They've really topped themselves this time.

As of now we don't know who wrote the worm, but we do know that it looks
like a concept worm with no malicious payload. There is a good argument
to
be made in favor of such worms. Whomever did write this worm could have
done
severe damage beyond unfocused DDoS and chose not to do so. One would
expect
intelligence agencies in developed countries to write and release
precisely
this type of concept worm as a form of mass inoculation against
malicious
attacks.

Before you get upset at your vendor, or anyone else's, consider the
bigger
picture and recognize the increased security hardening the Internet just
received. Belief in this silver lining shouldn't be taken too far, of
course, but flaming anyone over an event like this is misplaced
considering
the number of infosec experts who would probably have agreed to write
this
worm if approached by their nations' government with proof that an
adversary
was planning to cause severe harm by exploiting the W32/SQLSlammer
vulnerability.

Sincerely,

Jason Coombs
jasonc@...ence.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ