Full Disclosure mailing list archives
Re: smarter dcom worm
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Wed, 13 Aug 2003 09:36:10 -0700
On Tuesday 12 August 2003 04:51 pm, Marc Maiffret wrote: <SNIP>
You are correct in that "this worm sucks" but I think you could more eloquently put it as "this is probably the biggest pile of shit glued together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT to say it is not being affective and damaging though. It is definitely a bad one.
<SNIP> Thanks for getting this out there, Marc! I have been trying to indicate to victims in my customer base that they should be glad that this first round is a bit of a hassle, but maybe a blessing for them, because the worm is junk code - just short of a dud. Hey! Free, unscheduled assessment! We will undoubtably see a transition to a more robust transport and exploit code, coupled with a more threatening payload - like the Code Red / Nimda transition in 2001. I am afraid that the number of vectors will go up, though. All the port-blocks and ACLs that drop Blaster will be conveniently avoided for the next wave here. Anyone who cherry-picked symptomatic approaches over a holistic application of depth defenses are still going to be hit - and they'll wonder just how it could have happened again! -- Jeremiah Cornelius, CISSP, CCNA, MCSE Information Security Technology email: jcorneli () hotmail com - mobile: 415.235.7689 "What would be the use of immortality to a person who cannot use well a half hour?" --Ralph Waldo Emerson _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Firewalls, (continued)
- Firewalls Geo. (Aug 13)
- Re: New msbalster? Jeremiah Cornelius (Aug 13)
- Re: Firewalls Ron DuFresne (Aug 13)
- Re: Firewalls Joey (Aug 13)
- Re: Firewalls CHeeKY (Aug 13)
- Re: Firewalls Nathan Seven (Aug 14)
- RE: smarter dcom worm Joey (Aug 13)
- Re: smarter dcom worm Jeremiah Cornelius (Aug 13)
- Re: smarter dcom worm Jeremiah Cornelius (Aug 13)
- RE: smarter dcom worm gml (Aug 13)
- Re: smarter dcom worm Gabe Arnold (Aug 13)