Full Disclosure mailing list archives
Re: Zotob Worm Remover
From: n3td3v <xploitable () gmail com>
Date: Mon, 22 Aug 2005 17:29:34 +0100
On 8/22/05, Todd Towles <toddtowles () brookshires com> wrote:
Diabl0 will be happy to know that it just deletes the worm
The worm is just proof that corporate security can be by-passed. It shows how hackers can target individuals within the enterprise and compromise their wireless device over the weekend while the corporate user is doing out of office work. The wireless devices were most likely the primary source of the spread. Media outlets are reporting wireless devices were only an accessory to the spread of the worm. Isn't it the case that this worm was carefully planned out and coordinated. Isn't it the case that the corporations hit were hand picked by the hacker. Isn't it the case that the hackers knew the owners of the wireless devices by name. Isn't it the case that more research and background work was done before releasing this to the affected enterprises than experts are reporting to the public at large. Corporations need to give all employees more advanced training in patching their personal wireless devices, which are being used over the weekend, and require them to be patched before the connect to corporate infrustructure on Monday morning, or during the weekend for those corporate users accessing the work place remotely from home. I think if the affected corporations don't learn from Zobtob then the same will happen again. Its vital enterprises now review policy in respect of this, as its becoming more common place that hackers are hitching a ride on wireless devices and hackers no longer need to worry about compromising corporate security, as unsuspecting employees are only too easy to target and infect, for the end game of allowing an infected device beyond the production servers and straight into the internal network of many of the big dot-com's. Its not completey clear who diabl0 is currently. Theres more than one diabl0 out on the web. A query on Google brings up indivduals posting on discussion forums, as well as a defacement group named diabl0, who funnily have been more than willing to submit their defacements to Zone-H. These guys have been around for a while and know what their doing is the generally impression I get. I don't know if diabl0 was clever enough to research and coordinate and target laptops to propogate the worm, but it would be only too easy to do in the future if someone is willing to put in enough preperation time into planning the assault on known employees of an enterprise. I've been watching too many movies and using illegal substances. Time for me to go now. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Zotob Worm Remover Todd Towles (Aug 22)
- Re: Zotob Worm Remover n3td3v (Aug 22)
- <Possible follow-ups>
- RE: Zotob Worm Remover Todd Towles (Aug 22)
- Re: Zotob Worm Remover n3td3v (Aug 22)
- Re: Zotob Worm Remover Ill will (Aug 22)
- RE: Zotob Worm Remover Ron DuFresne (Aug 22)
- RE: Zotob Worm Remover Todd Towles (Aug 22)
- RE: Zotob Worm Remover Todd Towles (Aug 22)
- RE: Zotob Worm Remover Jan Nielsen (Aug 22)
- RE: Zotob Worm Remover Aditya Deshmukh (Aug 22)
- Re: Zotob Worm Remover James Tucker (Aug 22)
- Re: Zotob Worm Remover Stuart Low (Aug 22)
- RE: Zotob Worm Remover Jan Nielsen (Aug 22)
(Thread continues...)