Full Disclosure mailing list archives

RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!


From: "Jason Coombs" <jasonc () science org>
Date: Sun, 26 Jan 2003 20:46:14 -1000

The link to the Yahoo! News/Reuters article reporting the BofA ATM outage
does work, you just didn't copy and paste it properly when it spanned two
lines in the e-mail message. Here's a shorter link:

http://makeashorterlink.com/?K28962933

-----Original Message-----
From: moksha faced [mailto:admin () mokshafaced com]
Sent: Sunday, January 26, 2003 7:30 PM
To: Richard M. Smith; jasonc () science org; 'Jay D. Dyson'; 'Bugtraq';
'Full-Disclosure'
Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!


I'm going to jump out on a limb here, but I think this
story is poop.  In military lingo "poo poo cah cah".
No one links their ATMs over the internet, NO ONE...
and especially not the really large banks that know
better.  I also noticed the story link doesn't work,
so obviously somebody got their facts straight and
retracted the story...



--- "Richard M. Smith" <rms () computerbytesman com> wrote:
However, this worm might not be so harmless as it appears because of
collateral damage:

   Bank of America ATMs Disrupted by Virus


http://story.news.yahoo.com/news?tmpl=story&ncid=578&e=3&cid=569&u=/nm/2
0030125/tc_nm/tech_virus_dc

   "SEATTLE (Reuters) - Bank of America Corp. said on Saturday that
   customers at a majority of its 13,000 automatic teller machines were
   unable to process customer transactions after a malicious computer
   worm nearly froze Internet traffic worldwide."

Richard M. Smith
http://www.ComputerBytesMan.com

-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org]
Sent: Saturday, January 25, 2003 4:41 PM
To: Jay D. Dyson; Bugtraq
Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!


Jay Dyson wrote:
    And to think...up until tonight, I thought the vulnerabilities
that paved the way for Nimda were the worst that Microsoft could do
to the net.community.  They've really topped themselves this time.

As of now we don't know who wrote the worm, but we do know that it looks
like a concept worm with no malicious payload. There is a good argument to
be made in favor of such worms. Whoever did write this worm could have done
severe damage beyond unfocused DDoS and chose not to do so. One would expect
intelligence agencies in developed countries to write and release precisely
this type of concept worm as a form of mass inoculation against malicious
attacks.

Before you get upset at your vendor, or anyone else's, consider the bigger
picture and recognize the increased security hardening the Internet just
received. Belief in this silver lining shouldn't be taken too far, of
course, but flaming anyone over an event like this is misplaced considering
the number of infosec experts who would probably have agreed to write this
worm if approached by their nations' government with proof that an adversary
was planning to cause severe harm by exploiting the W32/SQLSlammer
vulnerability.

Sincerely,

Jason Coombs
jasonc () science org


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

