Full Disclosure mailing list archives
RE: SOPHISTICATION OF THE WORM
From: "mattmurphy () kc rr com" <mattmurphy () kc rr com>
Date: Mon, 27 Jan 2003 08:43:09 -0500
Not knowing the motivation of its author, I will offer the following comments: The random number generation on this worm, well, sucks. There have already been numerous posts explaining how the worm will get "stuck" attacking the same network hundreds of times over. The author also included no control mechanisms on the worm, so it almost immediately begins to exhaust outbound bandwidth. That said, I think the spread of this worm is probably at or beyond the level of what it's original author expected, seeing all of the press it got. Really, this worm could have been made to be a lot more efficient (e.g, not PUSHing strings, and not using registers for constant values, etc.). I get the impression that the author didn't want/feel the need/wasn't able to write a simple decoder for this thing. Original Message: ----------------- From: backed.up.by.2048.bit.encryption () hushmail com Date: Sun, 26 Jan 2003 15:30:29 -0800 To: full-disclosure () lists netsys com Subject: [Full-disclosure] SOPHISTICATION OF THE WORM -----BEGIN PGP SIGNED MESSAGE----- What is the consensus on the sophistication and quality of this worm? Is it something that only an "adult" could have written? Is it a brilliant, ingenious piece of work, or is it nothing extraordinary and something any cut and paste kid could have achieved? What is the quality of its functionality like? Is it doing precisely what it was coded to do? Could the author have coded it to do more? Are there any errors in it? Can one determine if it is achieving precisely the results the author intended, based on its coding, or would (or is ) the author surprised by its effects? -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wnUEARECADUFAj40b1IuHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1 c2htYWlsLmNvbQAKCRDEHQGvBp4eRJhmAJ9CBcdGAP0HQiyO+Eh/h6ez3+ALjwCggTEq IdslTIRQfg/z4f4IIkPoung= =aQFY -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosu -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- SOPHISTICATION OF THE WORM backed . up . by . 2048 . bit . encryption (Jan 27)
- <Possible follow-ups>
- RE: SOPHISTICATION OF THE WORM mattmurphy () kc rr com (Jan 27)