Full Disclosure mailing list archives

Re: Windows Dcom Worm planned DDoS


From: Reveret Julien <shaddai () nerim net>
Date: Wed, 13 Aug 2003 00:59:27 +0200

On Tue, Aug 12, 2003 at 07:02:37PM +0200, Sebastian Niehaus wrote:
And, of course, if MS started messing with the DNS entries for 
windowsupdate.com, it would be cutting an awful lot of users off from 
much needed updates, which could be as disturbing as the rest of the 
worm's effects...

Could be a nice feature of a worm to modify the "hosts" file and
prevent infected machines from doing DNS lookups.

Interesting concept :)

Users typing "www.microsoft.com" into their browsers could be tricked
into downloading stuff from hostile servers and the "windows update"
could be disabled easily.

What if someone shuts down the server? I think a worm could be more
efficient by disabling windowsupdate.com (ptr to 127.0.0.1), preventing
users from easily patching their system.

This probably isn't a new concept, eh?

I don't know.

-- 
We are the knights who say 
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc
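
The hosts-file override discussed in this message is something a defender can audit for. The following is an added example, not part of the original post: a Python check that parses hosts-file text and flags entries that override DNS for update domains. The watched domain list, the function names and the sample file are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains a Windows host needs for patching; adjust to your environment.
WATCHED = ("windowsupdate.com", "microsoft.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not a valid mapping line
        for name in fields[1:]:
            yield no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Return findings for watched domains that the hosts file overrides."""
    findings = []
    for no, ip, name in parse_hosts(text):
        if not any(name == d or name.endswith("." + d) for d in watched):
            continue
        if ip.is_loopback or ip.is_unspecified:
            kind = "blocked"       # name sinkholed, update server unreachable
        else:
            kind = "redirected"    # name pinned to an address, bypassing DNS
        findings.append((no, name, str(ip), kind))
    return findings

# Constructed sample input, not taken from a real host.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       windowsupdate.com www.windowsupdate.com   # added entry
192.0.2.10      www.microsoft.com
10.0.0.5        fileserver.corp.example
"""

if __name__ == "__main__":
    for no, name, ip, kind in audit_hosts(SAMPLE):
        print(f"line {no}: {name} -> {ip} ({kind})")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; any finding for a watched domain deserves a look, since a stock hosts file carries no such entries.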
