Re: RE: DCOM RPC exploit

[Valdis.Kletnieks () vt edu]

On Sat, 26 Jul 2003 23:49:05 PDT, "Steve W. Manzuik" said:

> A worm exploiting this might happen, but is it really that big of a deal?

Compare the number of boxes that have the bug Slapper exploited with the number
of boxes that have DCOM open to the world....

When I hear that a worm's finally been spotted,  I'm yanking my laptop off the
net and going home - and it's a Linux box.  I'm just expecting to not get any
useful connectivity for a while.

And of course, anybody who's got half a clue and writes a worm is going to have
it drop off a trojan/backdoor... And then those boxes get used as spam relays,
front-end boxes for porn websites, keyboard sniffers, etc etc.  Gonna take a
LONG time to clean that mess up.

Hell, we're *still* seeing Code Red traffic.  And what we've *NOT* seen in the
last 2 years is a CERT advisory of this magnitude against a Microsoft product
that didn't spawn a "Holy Shit" scale worm.

Unfortunately, we've gotten so lulled by the "Just another damned worm"
scenario that maybe it's NOT a big deal anymore.   And that's just as scary as
the actual worm.

Attachment: _bin
Description: