funsec mailing list archives
Re: So ze Q-bomb wuz a dud? :)
From: Blanchard_Michael () emc com
Date: Wed, 1 Apr 2009 14:52:49 -0400
hiya Kevin, I'm starting to think that.... Why code something so well, the authors know encryption, know how to code well, they know how to obfuscate code, code up all the P2P stuff.... And then.... SPLAT! Like a JuneBug in July in driving through Maine hitting your windshield... There's a hardcoded April 1st payload launch, not encrypted, not hidden, just sitting right there easy to find? I don't' buy it.... Who makes that mistake after being so careful? April Fools world! I'm waiting for it ;-) then in 2 or 3 weeks, they'll have a bunch of zombies that will never ever be patched, due to users that just don't care or know better, for them to command... Mike B Michael P. Blanchard Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE Office of Information Security & Risk Management EMC ² Corporation 4400 Computer Dr. Westboro, MA 01580 -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Kevin McAleavey Sent: Wednesday, April 01, 2009 5:28 AM To: funsec Subject: [funsec] So ze Q-bomb wuz a dud? :) Sitting shiva on conficker all evening and night here in the woods of upstate New York. So all the analysis which revealed the presence of a date was perhaps an April Fool's joke of its own? Given the way the previous versions have worked, never did quite understand why they'd hardcode a date in there given the sophistication of what I've seen by design so far. But its presence really DID get everyone worked up, perhaps one of the more significant April Fool's pranks ... and on US. :( I haven't seen much of anything and I'm in my 13th hour of sitting here, waiting for what Marvin the Martian once said, "Where's the Kaboom? There was supposed to be an earth shattering kaboom!" Did the pig even update itself anywhere? Or did we get fooled? Somehow, I expect the latter. Whoever wrote this thing is pretty damned good at what they've written so far ... ---------------------------------------------------- Kevin McAleavey, at your service. BOClean Anti-Malware division http://www.comodo.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- So ze Q-bomb wuz a dud? :) Kevin McAleavey (Apr 01)
- Re: So ze Q-bomb wuz a dud? :) Valdis . Kletnieks (Apr 01)
- Re: So ze Q-bomb wuz a dud? :) Paul M. Moriarty (Apr 01)
- Re: So ze Q-bomb wuz a dud? :) Valdis . Kletnieks (Apr 01)
- Re: So ze Q-bomb wuz a dud? :) Paul Ferguson (Apr 01)
- Re: So ze Q-bomb wuz a dud? :) Paul M. Moriarty (Apr 01)
- Re: So ze Q-bomb wuz a dud? :) Valdis . Kletnieks (Apr 01)
- Re: So ze Q-bomb wuz a dud? :) Blanchard_Michael (Apr 01)