Full Disclosure mailing list archives
RE: DCOM/RPC story (Analogy)
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 01 Sep 2003 11:40:15 +1200
madsaxon <madsaxon () direcway com> wrote:
At 12:19 PM 8/31/03 -0700, Steven Fruchter wrote:That is completely moronic to act as if he did not do anything but just hex edit the code and change the name for example on the .exe . He also like a moron had the infected drones contact his website (which he is registered to) so that he can see who has been infected to control them. \Assuming that he is, in fact, responsible. If I wanted to release a worm and blame someone else for it, the first thing I'd do is pick out some basically clueless kiddie who's been bragging about his skillz on IRC and set him up exactly like this. Next thing you know, the FBI and virtually everyone on the planet is convinced he's guilty, and I get off scot free, ready to release my next new and improved worm. Piece o' cake.
Yeah, good plan... Though, please explain how you would do the remote profiling to be sure that the clueless kiddie bragging about his skillz on IRC is the type who will confess to precisely the required actions when the FBI comes knocking a week or so later? Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM/RPC story (Analogy) ww (Aug 31)
- RE: DCOM/RPC story (Analogy) Steven Fruchter (Aug 31)
- <Possible follow-ups>
- RE: DCOM/RPC story (Analogy) Nick FitzGerald (Aug 31)
- RE: DCOM/RPC story (Analogy) madsaxon (Aug 31)
- Re: DCOM/RPC story (Analogy) Jennifer Bradley (Aug 31)
- Re: DCOM/RPC story (Analogy) Kristian Hermansen (Sep 01)
- Re: DCOM/RPC story (Analogy) Jarmo Joensuu (Sep 01)
- RE: DCOM/RPC story (Analogy) Schmehl, Paul L (Sep 01)
- Re: DCOM/RPC story (Analogy) morning_wood (Sep 01)
- Re[2]: DCOM/RPC story (Analogy) Marc Chabot (.net) (Sep 01)
- Re: DCOM/RPC story (Analogy) morning_wood (Sep 01)