Message-ID: <008801c37012$c91f9bc0$6401a8c0@ChEEz>
From: steven_fruchter at hotmail.com (Steven Fruchter)
Subject: DCOM/RPC story (Analogy)

Well, harmless?  He added in a backdoor called Lithium, so that he can
remotely connect to each exploited machine, and had them contact his
website so he can keep track of who is infected and control them
(DDoS).  So yes, he did leave in the attack against the MS update site, but he
also added in his own little tricks, which is what got him caught.

-Steven Fruchter

-----Original Message-----
From: ww@...x.org [mailto:ww@...x.org] 
Sent: Sunday, August 31, 2003 3:31 PM
To: Steven Fruchter
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] DCOM/RPC story (Analogy)


On Sun, Aug 31, 2003 at 12:19:35PM -0700, Steven Fruchter wrote:
> That is completely moronic to act as if he did not do anything but 
> just hex edit the code and change the name for example on the .exe .  
> He also like a moron had the infected drones contact his website 
> (which he is registered to) so that he can see who has been infected 
> to control them. This means that he had more than just wanting to 
> change the name of an .exe for example, it shows his intent.

I was not aware of this. Yes, it changes the scenario somewhat: it
mitigates the amount of "damage" that could be caused by the worm if
he had just changed some text strings.

Consider: all drones controlled by a single entity or drones 
controlled by multiple uncoordinated entities. Which has the greatest
potential for, say, a coordinated DDOS attack?

Of course, disrupting the worm's control mechanism probably wasn't his
intent. So maybe he's a bit misguided but mostly harmless.

> Regardless of what he did or didn't do, he will
> probably get the blame of the entire thing

Trial by media anyone?
