Full Disclosure mailing list archives
Re: Mydoom: Perfect Storm Averted or Just Ahead?
From: Papp Geza <pappgeza () tolna net>
Date: Thu, 29 Jan 2004 22:24:13 +0100
Hello WolfgangK,

On January 29, 2004, 6:34:49, you wrote:

Experience shows that programmers are quick to "improve" upon initial code, modifying and releasing variants (note Sobig and now Mydoom.b - http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89494,00.html?SKC=news89494 ).

*************

Early information indicates that the new variant is likely spreading in the wild, said Ken Dunham, director of malicious code at iDefense Inc., a security consulting company in Reston, Va.

Dunham said the Mydoom.B worm modifies the standard hosts file in a Windows folder that can block access to 65 Web sites, most of which are antivirus Web sites, in an apparent attempt to block users from downloading antivirus solutions and data.

This new variant of Mydoom is worse than Mydoom.A, Dunham said in a statement via e-mail. And an attack on the Microsoft.com Web site could cause a significant disruption of services for users worldwide. It's feasible that Mydoom.A computers are now being used to help launch Mydoom.B, via the proxy setup supported by the worm. If this is the case, Mydoom.B will likely become very prevalent in the wild in just a few short hours.

Although that doesn't mean millions of computers are actually infected, it could mean millions of e-mails harboring the worm are in the wild, Dunham said. He said computer users should be on guard for a succession of worm attacks this year. Undoubtedly, attackers are now mirroring the success of worms like Sobig to launch successive attacks in 2004, Dunham said.
Describe specialist, you plead who.
http://www.computerworld.com/securitytopics/security/virus/story/0,10801,89494,00.html?SKC=news89494 )link.

************************************

Lesson learned - >read you:

1. Do not rest on your laurels, assuming your network has good defense-in-depth (Executables stripped away at Email server, Outlook security patch installed) because the first wave didn't affect you. The next version could be modified with condition right to target your environment and hit you with a perfect storm.

2. It would be difficult for a malicious programmer, cyber terrorists or cyber activists to target a specific environment and protect others (Eg., launch denial of service against SCO.com because I like LINUX and don't like SCO legal actions. Protect my computer at Berkley.edu because I don't want to affect my own Email.) Programmers can easily modify code and launch an attack against another environment.

Comments?

**************************

Karl,
You write what, so that Sobig is and connection between the MydoomB - this is fancy only. MydoomA other hardly B variant - but this deviates in bulk from Sobig. The variant from Sobig's worm gear represents also this header MydoomB from one.src file.
--
Regards,
Geysap Network and Virussecurity from Hungary
mailto:pappgeza () tolna net
www.gyik.com
"VIRUS CORE TEAM"
====================================
Fiat justitia, pereat mundus!
------------------------------------
we protect your digital worlds...
====================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
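A defender-side check for the hosts-file tampering mentioned in the quoted Computerworld text, as an added example that is not part of the original post or thread. The watchlist domains and the sample file are constructed (the post does not enumerate the 65 blocked sites), and treating loopback or unspecified addresses as the blocking target is an assumption.

```python
import ipaddress

# Assumed watchlist for illustration only; replace with the vendor and
# update domains your own environment depends on.
WATCHLIST = ("av-vendor.test", "av-updates.test")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0         www.av-vendor.test updates.av-vendor.test   # blocked names
0.0.0.0 WWW.AV-Updates.test
192.0.2.10      intranet.corp.test
not-an-ip       av-vendor.test
"""

def is_sinkhole(addr):
    """True when the address can never reach a real remote server."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field: not a usable mapping
    return ip.is_unspecified or ip.is_loopback

def on_watchlist(host, watchlist=WATCHLIST):
    """Match the domain itself or any subdomain, case-insensitively."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in watchlist)

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, address, hostname) for each watched name that is sinkholed."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for host in fields[1:]:  # one line may carry several aliases
            if on_watchlist(host, watchlist):
                findings.append((line_no, fields[0], host))
    return findings

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On a Windows host the text to audit would normally come from the hosts file under the system directory; any finding means the machine cannot reach that site by name until the entry is removed.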