funsec mailing list archives

Re: So ze Q-bomb wuz a dud? :)


From: Blanchard_Michael () emc com
Date: Wed, 1 Apr 2009 14:52:49 -0400

 hiya Kevin,
    I'm starting to think that....  Why code something so well, the authors know encryption, know how to code well, 
they know how to obfuscate code, code up all the P2P stuff.... And then.... SPLAT! Like a JuneBug in July in driving 
through Maine hitting your windshield... There's a hardcoded April 1st payload launch, not encrypted, not hidden, just 
sitting right there easy to find?  I don't buy it....  Who makes that mistake after being so careful?

  April Fools world!  I'm waiting for it ;-)

 then in 2 or 3 weeks, they'll have a bunch of zombies that will never ever be patched, due to users that just don't 
care or know better, for them to command...

 Mike B


Michael P. Blanchard 
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Kevin McAleavey
Sent: Wednesday, April 01, 2009 5:28 AM
To: funsec
Subject: [funsec] So ze Q-bomb wuz a dud? :)

 Sitting shiva on conficker all evening and night here in the woods of upstate New York. So all the analysis which 
revealed the presence of a date was perhaps an April Fool's joke of its own? Given the way the previous versions have 
worked, never did quite understand why they'd hardcode a date in there given the sophistication of what I've seen by 
design so far. But its presence really DID get everyone worked up, perhaps one of the more significant April Fool's 
pranks ... and on US.  :(

 I haven't seen much of anything and I'm in my 13th hour of sitting here, waiting for what Marvin the Martian once 
said, "Where's the Kaboom? There was supposed to be an earth shattering kaboom!" Did the pig even update itself 
anywhere? Or did we get fooled? Somehow, I expect the latter. Whoever wrote this thing is pretty damned good at what 
they've written so far ...
----------------------------------------------------
Kevin McAleavey, at your service.
BOClean Anti-Malware division
http://www.comodo.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



