| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3F4FDF80.16967.A487E5DF@localhost> From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Authorities eye MSBlaster suspect Florian Weimer <fw@...eb.enyo.de> replied to "Larry Roberts": > > The funnier thing would be if this was the guy tried to make the > > variant that takes over your machine via the DCOM exploit and goes > > out the windowsupdate.com and downloads the fix. That would be > > hilarious!!! > > This worm (which isn't a variant of the original one) ... Correct -- the more clueful AV vendors were immediately aware of that and thus gave it a new family name (pity they weren't clueful enough to talk amongst each other and all settle on the _same_ new family name). Thus the "try to install the DCOM RPC patch" worm is mainly known as Nachi, Welchia and Welchi. That has nothing to do with Blaster.B (or LovSan.B or MSBlast.B or Poza.B or whatever other name your favourite AV calls what the media seems to have settled on as "Blaster"). > ... is causing most > of the damage. Punishing the author would only be fair. Yep. And the hoary old chestnut "I didn't realize it would spread so far, so fast or cause any damage" defense is bound to get another airing despite its fundamental stupidity... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists