Full Disclosure mailing list archives

RE: irc.trojan.fgt - new variant.


From: "Gadi Evron" <ge () egotistical reprehensible net>
Date: Fri, 7 Nov 2003 17:41:14 -0800

> Yes, but like you said, it uses an angelfire page. If you take
> it down the virus is stopped. If it gets too successful,
> bandwidth limits are exceeded. So it will never widely spread
> that way. If someone were to include a webserver in the worm,
> there's no single point of failure.

Exactly why:
A. This trojan is dead now.
B. The author kept releasing clones/variants with different URLs.

It conducted massive spamming for itself, then died. Same thing with the
next variant.

As I wrote in my email, this trojan horse's success was propelled by the
author releasing _new_ clones "all the time" from different URLs. It
was never built to last. It was built to destroy.

As to never widely spreading... It did. :/

But your points are valid for the regular "things" we see out there.

      Gadi Evron (i.e. ge),
      ge () linuxbox org.

--------
gevron () netvision net il -
PGP Key: 2048/2048 (Size) 0x2D3D6741 (ID).
Fingerprint: 0EB3 00BC 974B 3C2B 336D 6486 ECA5 2D0D 2D3D 6741.

The Trojan Horses Research mailing list - http://ecompute.org/th-list

My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

