Re: Authorities eye MSBlaster suspect

[Nick FitzGerald <nick () virus-l demon co uk>]

Florian Weimer <fw () deneb enyo de> replied to "Larry Roberts":

> > The funnier thing would be if this was the guy tried to make the
> > variant that takes over your machine via the DCOM exploit and goes
> > out the windowsupdate.com and downloads the fix. That would be
> > hilarious!!!
>
> This worm (which isn't a variant of the original one) ...

Correct -- the more clueful AV vendors were immediately aware of that 
and thus gave it a new family name (pity they weren't clueful enough to 
talk amongst each other and all settle on the _same_ new family name).  
Thus the "try to install the DCOM RPC patch" worm is mainly known as 
Nachi, Welchia and Welchi.

That has nothing to do with Blaster.B (or LovSan.B or MSBlast.B or 
Poza.B or whatever other name your favourite AV calls what the media 
seems to have settled on as "Blaster").

> ... is causing most
> of the damage.  Punishing the author would only be fair.

Yep.

And the hoary old chestnut "I didn't realize it would spread so far, so 
fast or cause any damage" defense is bound to get another airing 
despite its fundamental stupidity...


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html