lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <00de01c36243$96ad8170$680aa8c0@aut0mator>
From: burden at burden.cc (Mike buRdeN)
Subject: recent RPC/DCOM worm thought

THANK YOU... i've been telling many people this conspiracy theory. i didn't
want to post my .2 cents since it's not security related. but here's my
reasons. they used an old, off the shelf version of this exploit. didn't
modify it much. let's face it. there's much better ways of being stealthy
with this vuln. not to mention it's attacking the WRONG site. i believe all
updates come from update.microsoft.com although it is possible for the
domain to resolve the same address.

k so that out of the way lets go on to the method of spreading. i think we
can all agree sequential scanning can get lengthy rather than code red's
solution. not to mention using tftp to just copy itself. given that's an
easy option and everyone has it. and yes, 4 (or sometimes 5) days is a bit
greedy for a worm who's sole purpose is to ddos _A_ website.

 i definately am glad other people have thought about this. the only other
option is some lame script kiddie had his brother code this thing, and it
took this long (given the amount of time that source was released) to write
this poor excuse for a worm. i'm just glad it wasn't as malicious as it
could have been judging by how many of my friends were effected by this.
just goes to show they really don't listen to you when you tell them to
patch their computer almost a month ago. i've even had some people say "i
let my firewall down to get a better ping on my game and all of a sudden i
had to reboot" goes to show that games really do more harm than meets the
eye, heh. i feel that there were more reasons for my conspiracy theory but
just saying this is enough to raise a few brows.

----- Original Message ----- 
From: "Eichert, Diana" <deicher@...dia.gov>
To: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, August 13, 2003 5:42 AM
Subject: [Full-Disclosure] recent RPC/DCOM worm thought


> I've been thinking about how "poorly" this worm was 
> written and how it really wasn't very malicious, just 
> very time consuming, forcing people/companies to 
> install patches to their systems.
> 
> Now here's an alternative thought about it.
> 
> What if "someone" purposely wrote this worm to get 
> the attention of people to patch their systems, not 
> to DOS the mickeysoft upgrade site.  If they really 
> wanted to create a DOS against a website they wouldn't 
> have postponed it for 4 days.  That's a long time in 
> today's world.
> 
> I mean if you were mickeysoft and there was a known 
> security hole wouldn't it be in you best interest to 
> have the first real exploit of it be relatively benign?
> It gets everyone's attention and they are forced to 
> install the latest security patch.
> 
> anyway, my US$.02 worth
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ