Full Disclosure mailing list archives
Re: [Dshield] new msblaster on the loose?
From: John Sage <jsage () finchhaven com>
Date: Wed, 13 Aug 2003 12:16:37 -0700
arrggg...

On Wed, Aug 13, 2003 at 10:23:23AM -0700, David Vincent wrote:
> anyone else seeing this?
>
> ---------------
> http://www.theinquirer.net/?article=11018
>
> New version of Blaster worm on the loose
> Already
> By INQUIRER staff: Wednesday 13 August 2003, 16:51
>
> KASPERSKY LABS claimed this afternoon that there's already a new version of the Blaster/Lovesan worm on the loose.

the Inquirer.. Kaspersky...

Two of the most sober, most credible, most consistent authorities I can think of.

<troll on>
The only person that I'd put greater value in, if I was to hear a comment about all this, would be something from Steve Gibson.
</troll off>

> And it says that's likely to mean a repeat of the outbreak we've seen during this week. The new variety of Lovesan exploits the same vulnerability. Kaspersky says that the number of infected systems is around the 300,000 mark, and the new variety may double this number.
Bullsh1t..

C'mon folks, think about this a bit.

Changing the name of the executable does *not* make a variant of any significance. You can call it foo.exe or bar.exe and if it does absolutely the same thing, the name change is irrelevant...

...except to set off those self-serving companies who are trying to get some press out of all this:

"Trend-mantec releases a press report noting the fifteenth variant of the Win32-blah_blah worm, using an executable "self-serving-publicity.exe". Video of the press conference at eleven!!!"

...and to those who think they're safe if they have an up-to-date snort signature:

"Oh my gawd.. I just put the snort rule that catches "p3n1s32.exe" and now those bad script kiddies have switched to "teek_bar.exe"..."

Let me give you a clue: they're just playing with your head.
> "In the worst case, the world community can face a global Internet slow down and regional disruption... to the World Wide Web," said Eugene Kaspersky, head of the labs.

Give me a break...

Yeah, I'll bet he said it, to anyone who'd listen.

Let's rename it "warhol_worm.exe" and watch the experts freak...

- John
--
"Obviously, we do not want to leave zombies around."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- new msblaster on the loose? David Vincent (Aug 13)
- Re: new msblaster on the loose? Person (Aug 13)
- Re: [Dshield] new msblaster on the loose? John Sage (Aug 13)
- Re: Re: [Dshield] new msblaster on the loose? Joey (Aug 13)
- Re: Re: [Dshield] new msblaster on the loose? Jeremiah Cornelius (Aug 13)
- Re: Re: [Dshield] new msblaster on the loose? Victor Vieira (Aug 18)
- Re: Re: [Dshield] new msblaster on the loose? Joey (Aug 13)
- <Possible follow-ups>
- RE: new msblaster on the loose? Kane Lightowler (Aug 14)
- Re: new msblaster on the loose? Jay Woody (Aug 14)
- RE: new msblaster on the loose? Arnold, Jamie (Aug 14)
- RE: Re: new msblaster on the loose? Robert Ahnemann (Aug 14)