Full Disclosure mailing list archives
Re: DCOM/RPC story (Analogy)
From: Ralf <ralfml () alfray com>
Date: Sun, 31 Aug 2003 16:16:30 -0700
madsaxon wrote:
Assuming that he is, in fact, responsible. If I wanted to release a worm and blame someone else for it, the first thing I'd do is pick out some basically clueless kiddie who's been
Sure but then why wasn't the original version doing so?Why limiting the target to one script kiddie and letting him have a backdoor control over it? Why contacting only one IP? Given the expected spread of the worm, contacting one sole site would almost be similar to DDoSing yourself in the foot.
What you suggest is almost as if someone steals a credit card and order stons of stuff online and have it delivered at the card's owner home. He/she sure would have a lot of trouble proving the bank it was fraudulent, but then why would this be done but by someone who knows and hates that person?
Yet it's all right. Tracing the original responsible person/group is probably so much trouble that authorities will love having someone easy to blame.
R/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DCOM/RPC story (Analogy) Kristian Hermansen (Aug 31)
- RE: DCOM/RPC story (Analogy) Steven Fruchter (Aug 31)
- RE: DCOM/RPC story (Analogy) madsaxon (Aug 31)
- Re: DCOM/RPC story (Analogy) Ralf (Aug 31)
- Re: DCOM/RPC story (Analogy) Kristian Hermansen (Aug 31)
- RE: DCOM/RPC story (Analogy) madsaxon (Aug 31)
- Re: DCOM/RPC story (Analogy) Jarmo Joensuu (Aug 31)
- RE: DCOM/RPC story (Analogy) Steven Fruchter (Aug 31)