lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F53301F.5995.B17AD266@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: DCOM/RPC story (Analogy)

madsaxon <madsaxon@...ecway.com> wrote:

> At 12:19 PM 8/31/03 -0700, Steven Fruchter wrote:
> >That is completely moronic to act as if he did not do anything but just 
> >hex edit the code and change the name for example on the .exe .  He also 
> >like a moron had the infected drones contact his website (which he is 
> >registered to) so that he can see who has been infected to control them. \
> 
> Assuming that he is, in fact, responsible.  If I wanted
> to release a worm and blame someone else for it, the first thing
> I'd do is pick out some basically clueless kiddie who's been
> bragging about his skillz on IRC and set him up exactly like
> this.  Next thing you know, the FBI and virtually everyone on
> the planet is convinced he's guilty, and I get off scot free,
> ready to release my next new and improved worm. Piece o' cake.

Yeah, good plan...

Though, please explain how you would do the remote profiling to be sure 
that the clueless kiddie bragging about his skillz on IRC is the type 
who will confess to precisely the required actions when the FBI comes 
knocking a week or so later?


Regards,

Nick FitzGerald


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ