From: WolfgangK at usfk.korea.army.mil (WolfgangK@...k.korea.army.mil)
Subject: Mydoom: Perfect Storm Averted or Just Ahead?

Worms traveling across the Internet are like waves rolling and swelling
across an ocean.  Just because the first swell does not inundate a
network, one should not assume invincibility to the next wave in the perfect
storm.

Reports vary on Mydoom.a-generated traffic; between 1 in 7 and 1 in 12 emails.
Although Mydoom.a infested many networks, it apparently bypassed others.
Sophos (http://www.sophos.com/virusinfo/analyses/w32mydooma.html) reported
that the initial variant was programmed to bypass certain domains or
addresses containing strings including the following:

acketst, arin., avp, berkeley, borlan, bsd, example, fido, foo., fsf., gnu,
google, .gov, gov., hotmail, iana, ibm.com, icrosof, ietf, inpris, isc.o,
isi.e, kernel, linux, math, .mil, mit.e, mozilla, msn., mydomai, nodomai,
panda, pgp, rfc-ed, ripe., ruslis, secur, sendmail, sopho, syma, tanford.e,
unix, usenet, utgers.ed
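To see what this avoid list actually does for a given set of recipients, here is an added example (not code from the original post or from Sophos). It treats each entry as a case-insensitive substring of the full address, as the list above suggests, audits a constructed address book against it, and reports which addresses stop being skipped when a variant drops an entry; the sample addresses and the dropped entry are assumptions for illustration.

```python
# Added example, not part of the original post. The avoid list is the one
# quoted from Sophos's Mydoom.a analysis; sample addresses are constructed.

MYDOOM_A_AVOID = [
    "acketst", "arin.", "avp", "berkeley", "borlan", "bsd", "example", "fido",
    "foo.", "fsf.", "gnu", "google", ".gov", "gov.", "hotmail", "iana",
    "ibm.com", "icrosof", "ietf", "inpris", "isc.o", "isi.e", "kernel",
    "linux", "math", ".mil", "mit.e", "mozilla", "msn.", "mydomai", "nodomai",
    "panda", "pgp", "rfc-ed", "ripe.", "ruslis", "secur", "sendmail", "sopho",
    "syma", "tanford.e", "unix", "usenet", "utgers.ed",
]


def matching_entries(address, avoid_list=MYDOOM_A_AVOID):
    """Return the avoid-list substrings found anywhere in `address`.

    Matching is a plain case-insensitive substring test, so "secur" also
    matches "corp-secure.net"; an empty result means the worm would have
    used the address."""
    addr = address.lower()
    return [entry for entry in avoid_list if entry in addr]


def audit(addresses, avoid_list=MYDOOM_A_AVOID):
    """Split addresses into {address: matched entries} and a harvested list."""
    skipped, harvested = {}, []
    for addr in addresses:
        hits = matching_entries(addr, avoid_list)
        if hits:
            skipped[addr] = hits
        else:
            harvested.append(addr)
    return skipped, harvested


def newly_exposed(addresses, original, variant):
    """Addresses the original list skipped but a modified variant list does not.

    This is the defender's check for "lesson 1": protection that depends on
    an entry in the worm's own avoid list disappears as soon as a variant
    drops that entry."""
    skipped_before, _ = audit(addresses, original)
    _, harvested_after = audit(addresses, variant)
    return [a for a in harvested_after if a in skipped_before]


# Constructed sample address book (assumption, for illustration only)
SAMPLE = [
    "admin@mail.berkeley.edu",
    "ops@acme-widgets.com",
    "secops@corp-secure.net",
    "sales@fido-deliveries.co.uk",
]
```

Running `audit(SAMPLE)` shows three of the four sample addresses are skipped only because they happen to contain a list entry, and `newly_exposed(SAMPLE, MYDOOM_A_AVOID, [e for e in MYDOOM_A_AVOID if e != "berkeley"])` shows the Berkeley address losing that protection under a hypothetical variant that omits one entry.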

Experience shows that programmers are quick to "improve" upon initial code,
modifying and releasing variants (note Sobig and now Mydoom.b -
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89494,00.html?SKC=news89494 ).

Lessons learned:
1. Do not rest on your laurels, assuming your network has good
defense-in-depth (executables stripped away at the email server, Outlook
security patch installed) because the first wave didn't affect you.  The next
version could be modified with conditions right to target your environment
and hit you with a perfect storm.

2.  It would be difficult for a malicious programmer, cyber terrorists or
cyber activists to target a specific environment and protect others (e.g.,
launch a denial of service against SCO.com because I like Linux and don't like
SCO's legal actions; protect my computer at Berkeley.edu because I don't want
to affect my own email).  Programmers can easily modify code and launch an
attack against another environment.

Comments?

Karl F. Wolfgang
Systems Security Manager