Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: SOPHISTICATION OF THE WORM

From: "mattmurphy () kc rr com" <mattmurphy () kc rr com>
Date: Mon, 27 Jan 2003 08:43:09 -0500
Not knowing the motivation of its author, I will offer the following 
comments:

The random number generation on this worm, well, sucks.  There have already 
been numerous posts explaining how the worm will get "stuck" attacking the 
same network hundreds of times over.  The author also included no control 
mechanisms on the worm, so it almost immediately begins to exhaust outbound 
bandwidth.

That said, I think the spread of this worm is probably at or beyond the
level 
of what it's original author expected, seeing all of the press it got.

Really, this worm could have been made to be a lot more efficient (e.g, not 
PUSHing strings, and not using registers for constant values, etc.).  I get 
the impression that the author didn't want/feel the need/wasn't able to
write 
a simple decoder for this thing.

Original Message:
-----------------
From:  backed.up.by.2048.bit.encryption () hushmail com
Date: Sun, 26 Jan 2003 15:30:29 -0800
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] SOPHISTICATION OF THE WORM



-----BEGIN PGP SIGNED MESSAGE-----

What is the consensus on the sophistication and quality of this worm?

Is it something that only an "adult" could have written? Is it a brilliant, 
ingenious piece of work, or is it nothing extraordinary and something any
cut 
and paste kid could have achieved?

What is the quality of its functionality like? Is it doing precisely what
it 
was coded to do? Could the author have coded it to do more? Are there any 
errors in it?

Can one determine if it is achieving precisely the results the author 
intended, based on its coding, or would (or is ) the author surprised by
its 
effects?


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wnUEARECADUFAj40b1IuHGJhY2tlZC51cC5ieS4yMDQ4LmJpdC5lbmNyeXB0aW9uQGh1
c2htYWlsLmNvbQAKCRDEHQGvBp4eRJhmAJ9CBcdGAP0HQiyO+Eh/h6ez3+ALjwCggTEq
IdslTIRQfg/z4f4IIkPoung=
=aQFY
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosu

--------------------------------------------------------------------
mail2web - Check your email from the web at
http://mail2web.com/ .


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: