Full Disclosure mailing list archives
RE: Virus Outbreak Attacking MS05-039 WIN2K
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 15 Aug 2005 11:07:13 -0500
I don't see a real reason for blocking them, other than to make you mad. They could have easily pointed them to phishing sites, instead of the loopback address. But the phishing sites would have been cut down very fast when hard coded in the worm itself. Once they have control of the box using the IRC, this little "feature" can be modified at any time however. ________________________________ From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Andrew Smith Sent: Monday, August 15, 2005 10:27 AM To: Mike Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K Can anyone explain why this virus chooses to block ebay, amazon and paypal? This seems foolish if the intention is to remain on the compromised host un-noticed.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Virus Outbreak Attacking MS05-039 WIN2K Mike (Aug 15)
- Re: Virus Outbreak Attacking MS05-039 WIN2K Andrew Smith (Aug 15)
- RE: Virus Outbreak Attacking MS05-039 WIN2K Jan Nielsen (Aug 15)
- Re: Virus Outbreak Attacking MS05-039 WIN2K Joe Stewart (Aug 15)
- <Possible follow-ups>
- RE: Virus Outbreak Attacking MS05-039 WIN2K Todd Towles (Aug 15)
- RE: Virus Outbreak Attacking MS05-039 WIN2K Todd Towles (Aug 15)
- RE: Virus Outbreak Attacking MS05-039 WIN2K auto447062 (Aug 16)
- Re: Virus Outbreak Attacking MS05-039 WIN2K Andrew Smith (Aug 15)