Dailydave mailing list archives
RE: Self updating worms?
From: Dave Aitel <dave () immunitysec com>
Date: Thu, 09 Sep 2004 16:28:41 -0400
On Thu, 2004-09-09 at 16:18, Anton A. Chuvakin wrote:
Frankly, I'm surprised this hasn't already been implemented many times over...I'd buy what Gadi Evron said over that. Why update a worm leaving a trail if you can make a new one? Resilient and untraceable worm update mechanism is a cool idea, but there might be no business case for it :-) in the realm of retail worms. Now, if you are talking custom stuff ... who knows.
I think the business case is there. Immunity has a lot of research (see Advanced Ordnance slides) going into multi-headed worms and transports and such. Not all hosts vulnerable to your new exploit are reachable from other hosts vulnerable to your new exploit - you want to just feed the exploit into the mill and see what comes out. -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Self updating worms? Jonathan Wilkins (Sep 09)
- Re: Self updating worms? Gadi Evron (Sep 09)
- <Possible follow-ups>
- RE: Self updating worms? Kohlenberg, Toby (Sep 09)
- RE: Self updating worms? Anton A. Chuvakin (Sep 09)
- RE: Self updating worms? Dave Aitel (Sep 09)
- RE: Self updating worms? Anton A. Chuvakin (Sep 09)
- RE: Self updating worms? Jonathan Wilkins (Sep 09)
- Re: Self updating worms? Gadi Evron (Sep 09)
- Re: Self updating worms? Dave Aitel (Sep 09)
- Re: Self updating worms? Gadi Evron (Sep 09)
- Re: Self updating worms? Oded H (Sep 10)
- Re: Self updating worms? Gadi Evron (Sep 10)
- Re: Self updating worms? Blue Boar (Sep 10)
- RE: Self updating worms? Jonathan Wilkins (Sep 10)
- Re: Self updating worms? robert (Sep 10)
- RE: Self updating worms? Jonathan Wilkins (Sep 13)
- Re: Self updating worms? robert (Sep 13)