[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200308130936.10642.jeremiah@nur.net>
From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: smarter dcom worm
On Tuesday 12 August 2003 04:51 pm, Marc Maiffret wrote:
<SNIP>
> You are correct in that "this worm sucks" but I think you could more
> eloquently put it as "this is probably the biggest pile of shit glued
> together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT
> to say it is not being affective and damaging though. It is definitely a
> bad one.
<SNIP>
Thanks for getting this out there, Marc!
I have been trying to indicate to victims in my customer base that they should
be glad that this first round is a bit of a hassle, but maybe a blessing for
them, because the worm is junk code - just short of a dud.
Hey! Free, unscheduled assessment!
We will undoubtably see a transition to a more robust transport and exploit
code, coupled with a more threatening payload - like the Code Red / Nimda
transition in 2001. I am afraid that the number of vectors will go up,
though. All the port-blocks and ACLs that drop Blaster will be conveniently
avoided for the next wave here. Anyone who cherry-picked symptomatic
approaches over a holistic application of depth defenses are still going to
be hit - and they'll wonder just how it could have happened again!
--
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: jcorneli@...mail.com - mobile: 415.235.7689
"What would be the use of immortality to a person who cannot use well a half
hour?"
--Ralph Waldo Emerson
Powered by blists - more mailing lists