lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <007a01c3a599$8915ea40$9ec6fea9@whitestar>
From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: irc.trojan.fgt - new variant.

> Yes but like you said it uses an angelfire page, If you take 
> it down the virus is stopped If it gets too succesfull 
> bandwidth limits are exceeded. So it will never widely spread 
> that way If someone where to include a webserver in the worm 
> there's no single point of failure

Exactly why:
A. This trojan is dead now.
B. The author kept releaseing clones/varaiants with different URL's.

It condusted massive spamming for itself, then died. Same thing with the
next variant.

As I wrote in my email, this trojan horse's success was propelled by the
author releasing _new_ clones "all the time" from different URL's. It
was never built to last. It was build to destroy.

As to never widely spreading... It did. :/

But your points are valid for the regular "things" we see out there.

      Gadi Evron (i.e. ge),
      ge@...uxbox.org.

--------
gevron@...vision.net.il -
PGP Key: 2048/2048 (Size) 0x2D3D6741 (ID).
Fingerprint: 0EB3 00BC 974B 3C2B 336D 6486 ECA5 2D0D 2D3D 6741.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ