Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

[Albert Sunseri <sunseri () abpi net>]

The article has some interesting implications in its own right.
However, if no damage whatsoever was done by hte worm then 
who would bother with the repercussions of the proof of concept?

And I belive that Jason Coombs' point is about the degree of damage.
Or to be metaphorical, the size of the horse that gets let out of the stable
before the door is closed.

An additional ethical issue would arise if the worm was written as a proof of concept
and was never meant to 'escape' into the wild....

Just tossin pennies,
-------------
Albert Sunseri
Information want to be priceless 
sunseri () abpi net

On Sat, Jan 25, 2003 at 06:11:12PM -0500, Richard M. Smith wrote:
> From: "Richard M. Smith" <rms () computerbytesman com>
> To: <jasonc () science org>, "'Jay D. Dyson'" <jdyson () treachery net>,
>         "'Bugtraq'" <bugtraq () securityfocus com>,
>         "'Full-Disclosure'" <full-disclosure () lists netsys com>
> Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
> Date: Sat, 25 Jan 2003 18:11:12 -0500
>
> However, this worm might not be so harmless as it appears because of
> collateral damage:


>    Bank of America ATMs Disrupted by Virus
>  
> http://story.news.yahoo.com/news?tmpl=story&ncid=578&e=3&cid=569&u=/nm/2
> 0030125/tc_nm/tech_virus_dc
>
>    "SEATTLE (Reuters) - Bank of America Corp. said on 
>    Saturday that customers at a majority of its 13,000 
>    automatic teller machines were unable to process 
>    customer transactions after a malicious computer worm 
>    nearly froze Internet traffic worldwide."
>
> Richard M. Smith
> http://www.ComputerBytesMan.com
>
> -----Original Message-----
> From: Jason Coombs [mailto:jasonc () science org] 
> Sent: Saturday, January 25, 2003 4:41 PM
> To: Jay D. Dyson; Bugtraq
> Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!


... snip ....

> As of now we don't know who wrote the worm, but we do know that it looks
> like a concept worm with no malicious payload. There is a good argument
> to
> be made in favor of such worms. Whomever did write this worm could have
> done
> severe damage beyond unfocused DDoS and chose not to do so. One would
> expect
> intelligence agencies in developed countries to write and release
> precisely
> this type of concept worm as a form of mass inoculation against
> malicious
> attacks.

... snip ...

> Sincerely,
>
> Jason Coombs
> jasonc () science org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html