Full Disclosure mailing list archives
Re: Windows Dcom Worm planned DDoS
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 13 Aug 2003 11:38:57 +1200
Sebastian Niehaus <killedbythoughts () mindcrime net> to me:
> And, of course, if MS started messing with the DNS entries for windowsupdate.com, it would be cutting an awful lot of users off from much needed updates, which could be as disturbing as the rest of the worm's effects...
>
> Could be a nice feature of a worm to modify the "hosts" file and prevent infected machines from doing DNS lookups. Users typing "www.microsoft.com" into their browsers could be tricked into downloading stuff from hostile servers and the "windows update" could be disabled easily. This probably isn't a new concept, eh?
Correct about messing with the hosts file -- has been used by various adware, spyware and browser hijackers for various purposes and occasionally by other malware to, for example, block access to AV and/or other security sites (pointing www.<company>.com to 127.0.0.1 for example). Offhand I don't recall it being used specifically to target Windows Update or other MS sites with the intention of causing the user to unwittingly d/l something malicious (in general, if a piece of malware has this level of access to the victim's machine it probably can do much, if not all, it needs without engaging in network address subterfuges...).

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
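
An added example, not part of the original post: a small hosts-file audit that flags the kind of entries discussed above, where an update or security site is pinned to loopback or to some other address. The watchlist is an assumption (the two Microsoft domains come from the thread, `av-vendor.example` is a placeholder), and so is the rule that any pinned entry for a watched name deserves a look.

```python
import ipaddress

# Assumed watchlist: domains named in the thread plus a placeholder AV vendor.
WATCHED_SUFFIXES = ("windowsupdate.com", "microsoft.com", "av-vendor.example")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address, skip
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, hostname, ip, kind) for each watched name pinned in hosts.

    kind is "blocked" when the name points at loopback or 0.0.0.0, and
    "redirected" when it points at any other address.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not any(name == s or name.endswith("." + s) for s in watched):
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample hosts file (documentation address ranges, not real data).
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example   # security site pointed at loopback
0.0.0.0         windowsupdate.microsoft.com
203.0.113.7     www.microsoft.com WindowsUpdate.com.
192.168.1.10    fileserver.corp.example
"""

if __name__ == "__main__":
    for line_no, name, ip, kind in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

On a Windows NT-family system the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`.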