[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Authorities eye MSBlaster suspect
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Authorities eye MSBlaster suspect
- From: Nick FitzGerald <nick@virus-l.demon.co.uk>
- Date: Fri, 29 Aug 2003 23:19:28 +1200
Florian Weimer <fw@deneb.enyo.de> replied to "Larry Roberts":
> > The funnier thing would be if this was the guy tried to make the
> > variant that takes over your machine via the DCOM exploit and goes
> > out the windowsupdate.com and downloads the fix. That would be
> > hilarious!!!
>
> This worm (which isn't a variant of the original one) ...
Correct -- the more clueful AV vendors were immediately aware of that
and thus gave it a new family name (pity they weren't clueful enough to
talk amongst each other and all settle on the _same_ new family name).
Thus the "try to install the DCOM RPC patch" worm is mainly known as
Nachi, Welchia and Welchi.
That has nothing to do with Blaster.B (or LovSan.B or MSBlast.B or
Poza.B or whatever other name your favourite AV calls what the media
seems to have settled on as "Blaster").
> ... is causing most
> of the damage. Punishing the author would only be fair.
Yep.
And the hoary old chestnut "I didn't realize it would spread so far, so
fast or cause any damage" defense is bound to get another airing
despite its fundamental stupidity...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html