Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Flash Worms

From: jaywhy <jaywhy2 () home com>
Date: Sat, 18 Aug 2001 13:15:45 -0400
It really wouldn't matter even if you only got to 20%, 10% or even 5% of the
vulnerable hosts.  Those computer running a DDOS attack against anything
would completely destroy it.

According to netcraft http://www.netcraft.co.uk/survey/ there is over 7
million apache web servers that are up.  Now if you found an exploit like
the one code red exploited in apache.  Even if you only got to 20% of the
web servers with the payload, that still a good million or so servers out
there infected.  What if this worm happened to be really malicious and
trashed web sites, deleted hard drives, or run some sort of DDOS attack.
Even spawn some kinda nuke program in the internal network hooked up to the
web server.  Lord knows there is never a shortage of new nukes out for
windows flavors.

Now I do doubt anyone who would release this would have access to a OC-12
line to release the payload.  But that doesn't mean he/she couldn't hack
into a site that does.  Or hack into multiple sites and release the payload
from multiple sites at one time.

We talk about this kinda attack now and don't believe it.  But someone
wanting to prove you all wrong will do it, and it will probably happen it
just depends on when.


-- 
Jason Yates
jaywhy2 () home com



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: