| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030813191637.GB24440@sparky.finchhaven.net> From: jsage at finchhaven.com (John Sage) Subject: Re: [Dshield] new msblaster on the loose? arrggg... On Wed, Aug 13, 2003 at 10:23:23AM -0700, David Vincent wrote: > anyone else seeing this? > > --------------- > > http://www.theinquirer.net/?article=11018 > > New version of Blaster worm on the loose > Already > > By INQUIRER staff: Wednesday 13 August 2003, 16:51 > KASPERSKY LABS claimed this afternoon that there's already a new > version of the Blaster/Lovesan worm on the loose. the Inquirer.. Kaspersky... Two of the most sober, most credible, most consistent authorities I can think of. <troll on> The only person that I'd put greater value in, if I was to hear a comment about all this, would be something from Steve Gibson. </troll off> > And it says that's likely to mean a repeat of the outbreak we've > seen during this week. The new variety of Lovesan exploits the same > vulnerability. > > Kaspersky says that the number of infected systems is around the > 300,000 mark, and the new variety may double this number. Bullsh1t.. C'mon folks, think about this a bit. Changing the name of the executable does *not* make a variant of any significance. You can call it foo.exe or bar.exe and if it does absolutely the same thing, the name change is irrelevant... ...except to set off those self-serving companies who are trying to get some press out of all this: "Trend-mantec releases a press report noting the fifteen variant of the Win32-blah_blah worm, using a executable "self-serving-publicity.exe". Video of the press conference at eleven!!!" ...and to those who think they're safe if they have an up-to-date snort signature: "Oh my gawd.. I just put the snort rule that catches "p3n1s32.exe" and now those bad script kiddies have switched to "teek_bar.exe"... Let me give you a clue: they're just playing with your head. > "In the worst case, the world community can face a global Internet > slow down and regional disruption... to the World Wide Web," said > Eugene Kaspersky, head of the labs. Give me a break... Yeah, I'll bet he said it, to anyone who'd listen. Let's rename it "warhol_worm.exe" and watch the experts freak... - John -- "Obviously, we do not want to leave zombies around."
Powered by blists - more mailing lists