Message-ID: <E8A3392724A75849B7FA030CAF41A748797B4E@amserv0.affinity-mortgage.com>
From: rahnemann at affinity-mortgage.com (Robert Ahnemann)
Subject: Re: new msblaster on the loose?

If it exploits the same vulnerability, won't it be LESS effective since many people have been hit and thus patched their systems?  Wouldn't an effective blaster variant find a different loophole?

-----Original Message-----
From: Jay Woody [mailto:jay_woody@....com] 
Sent: Thursday, August 14, 2003 10:12 AM
To: list@...ield.org; full-disclosure@...ts.netsys.com; david.vincent@...htyoaks.com; incidents@...urityfocus.com
Subject: [Full-Disclosure] Re: new msblaster on the loose?

Guys, not to be weird, but wtf does this mean?

>> And it says that's likely to mean a repeat of the outbreak we've seen during
>> this week. The new variety of Lovesan exploits the same vulnerability.
>>
>> Kaspersky says that the number of infected systems is around the 300,000
>> mark, and the new variety may double this number.
>>
>> "In the worst case, the world community can face a global Internet slow down
>> and regional disruption... to the World Wide Web," said Eugene Kaspersky,
>> head of the labs.

If people got hit and they patched, then how will this be a repeat? 
How will the numbers DOUBLE?!  "In the worst case . . . "?  No, in the
worst case, New Kids on the Block could start a reunion tour.  Give me a
break, the first one hit, surely a bunch of people patched (even some of
the people that didn't beforehand are surely smart enough to realize the
error of their way now right?!).  So any future infection is bound to be
less unless it has figured out a different way to exploit it (in which
case it really isn't the same worm is it?) or figures out a way to scan
IP addresses that the first one didn't.  I don't see anything saying
that this worm is any different than the first one in those cases, so
sounds like FUD to me.

JayW

>>> David Vincent <david.vincent@...htyoaks.com> 08/13/03 12:23PM >>>
anyone else seeing this?

---------------

http://www.theinquirer.net/?article=11018 

New version of Blaster worm on the loose
Already

By INQUIRER staff: Wednesday 13 August 2003, 16:51
KASPERSKY LABS claimed this afternoon that there's already a new version of
the Blaster/Lovesan worm on the loose.

And it says that's likely to mean a repeat of the outbreak we've seen during
this week. The new variety of Lovesan exploits the same vulnerability.

Kaspersky says that the number of infected systems is around the 300,000
mark, and the new variety may double this number.

"In the worst case, the world community can face a global Internet slow down
and regional disruption... to the World Wide Web," said Eugene Kaspersky,
head of the labs.

The new variety uses the name TEEKIDS.EXE instead of MSBLAST.EXE, different
code compression, and different signatures in the body of the worm.

---------------


David Vincent  CNA/MCSE
Network Administrator

www.mightyOaks.com 
david.vincent@...htyoaks.com 


MIGHTY OAKS WIRELESS SOLUTIONS INC.
209-3347 Oak Street
Victoria, B.C. Canada V8X 1R2 
Phone: 250.386.9398   Fax:  250.386.9399
Pager: 250.380.4575   Cell: 250.884.3000

---------------------------------------------------------------------------
----------------------------------------------------------------------------



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
