Message-ID: <401E386C.12378.14F27D38@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: MyDoom download info

Steve Wray <steve.wray@...adise.net.nz> wrote:

> Paul, your quoting is a bit off there (makes it look as if I wrote
> that),
> but to address the points, as one person wrote, it's difficult to spread
> fast when you are trying to be stealthy; I would argue that if one is
> stealthy enough, one doesn't need to spread fast since one is trying to
> evade detection rather than evading elimination.
>
> If a virus could spread slowly but stealthily, it could be all over
> the planet and activated before any antivirus vendor became aware
> of its presence and came out with a fix; it wouldn't matter much
> if it took a year of quiet spreading.
>
> Sometimes (and here I go sounding paranoid again) it seems that the
> viruses and worms we see are nothing but a smokescreen; they are
> SO VERY obvious.
>
> so-called 'script kiddies' and the old school vxers wanted a quick hit
> of adrenalin. Organised crime syndicates are a lot more patient.

I think you are missing something rather important here...

You do not have to be stealthy to be successful.

The "bad guys" (VX'ers, organized crime, however you paint it) seem to
have worked out that if you hit a few million Email addresses you will
get run on several hundred to a few thousand machines that are not
only not "protected" with AV and/or a firewall (or that will be left
for quite some time with them disabled after your code disables them)
but which have always-on high-speed Internet connections.

That's probably enough machines for several weeks to months of their
nefarious uses, with many of the machines slowly getting picked off as
complaints to the service providers escalate to the point where the
individual owners have their access denied until they "fix" their
machines.

This is a classic negative application of the much-vaunted "autonomy"
of the Internet.

Regards,

Nick FitzGerald