
Re: [Full-Disclosure] recent RPC/DCOM worm thought



THANK YOU... i've been telling many people this conspiracy theory. i didn't
want to post my .2 cents since it's not security related. but here's my
reasons. they used an old, off the shelf version of this exploit. didn't
modify it much. let's face it. there's much better ways of being stealthy
with this vuln. not to mention it's attacking the WRONG site. i believe all
updates come from update.microsoft.com although it is possible for the
domain to resolve the same address.

k so that out of the way let's go on to the method of spreading. i think we
can all agree sequential scanning can get lengthy rather than code red's
solution. not to mention using tftp to just copy itself. given that's an
easy option and everyone has it. and yes, 4 (or sometimes 5) days is a bit
greedy for a worm whose sole purpose is to ddos _A_ website.

i definitely am glad other people have thought about this. the only other
option is some lame script kiddie had his brother code this thing, and it
took this long (given the amount of time that source was released) to write
this poor excuse for a worm. i'm just glad it wasn't as malicious as it
could have been judging by how many of my friends were affected by this.
just goes to show they really don't listen to you when you tell them to
patch their computer almost a month ago. i've even had some people say "i
let my firewall down to get a better ping on my game and all of a sudden i
had to reboot" goes to show that games really do more harm than meets the
eye, heh. i feel that there were more reasons for my conspiracy theory but
just saying this is enough to raise a few brows.

----- Original Message ----- 
From: "Eichert, Diana" <deicher@sandia.gov>
To: <full-disclosure@lists.netsys.com>
Sent: Wednesday, August 13, 2003 5:42 AM
Subject: [Full-Disclosure] recent RPC/DCOM worm thought


> I've been thinking about how "poorly" this worm was 
> written and how it really wasn't very malicious, just 
> very time consuming, forcing people/companies to 
> install patches to their systems.
> 
> Now here's an alternative thought about it.
> 
> What if "someone" purposely wrote this worm to get 
> the attention of people to patch their systems, not 
> to DOS the mickeysoft upgrade site.  If they really 
> wanted to create a DOS against a website they wouldn't 
> have postponed it for 4 days.  That's a long time in 
> today's world.
> 
> I mean if you were mickeysoft and there was a known 
> security hole wouldn't it be in your best interest to 
> have the first real exploit of it be relatively benign?
> It gets everyone's attention and they are forced to 
> install the latest security patch.
> 
> anyway, my US$.02 worth
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html