Full Disclosure mailing list archives
RE: Virus Outbreak Attacking MS05-039 WIN2K
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 15 Aug 2005 11:07:13 -0500
I don't see a real reason for blocking them, other than to make you mad.
They could have easily pointed them to phishing sites, instead of the
loopback address. But the phishing sites would have been cut down very
fast when hard coded in the worm itself.
Once they have control of the box using the IRC, this little "feature"
can be modified at any time however.
________________________________
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Andrew
Smith
Sent: Monday, August 15, 2005 10:27 AM
To: Mike
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Virus Outbreak Attacking MS05-039
WIN2K
Can anyone explain why this virus chooses to block ebay, amazon
and paypal?
This seems foolish if the intention is to remain on the
compromised host un-noticed.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Virus Outbreak Attacking MS05-039 WIN2K Mike (Aug 15)
- Re: Virus Outbreak Attacking MS05-039 WIN2K Andrew Smith (Aug 15)
- RE: Virus Outbreak Attacking MS05-039 WIN2K Jan Nielsen (Aug 15)
- Re: Virus Outbreak Attacking MS05-039 WIN2K Joe Stewart (Aug 15)
- <Possible follow-ups>
- RE: Virus Outbreak Attacking MS05-039 WIN2K Todd Towles (Aug 15)
- RE: Virus Outbreak Attacking MS05-039 WIN2K Todd Towles (Aug 15)
- RE: Virus Outbreak Attacking MS05-039 WIN2K auto447062 (Aug 16)
- Re: Virus Outbreak Attacking MS05-039 WIN2K Andrew Smith (Aug 15)