Full Disclosure mailing list archives
Re: DCOM/RPC story (Analogy)
From: ww () STYX ORG
Date: Sun, 31 Aug 2003 18:31:23 -0400
On Sun, Aug 31, 2003 at 12:19:35PM -0700, Steven Fruchter wrote:
That is completely moronic to act as if he did not do anything but just hex edit the code and change the name for example on the .exe . He also like a moron had the infected drones contact his website (which he is registered to) so that he can see who has been infected to control them. This means that he had more than just wanting to change the name of an .exe for example, it shows his intent.
I was not aware of this. Yes, it changes the scenario somewhat: it mitigates the amount of "damage" of that could be caused by the worm if he had just changed some text strings. Consider: all drones controlled by a single entity or drones controlled by multiple uncoordinated entities. Which has the greatest potential for, say, a coordinated DDOS attack? Of course distrupting the worm's control mechanism probably wasn't his intent. So maybe he's a bit misguided but mostly harmless.
Regardless of what he did or didn't do, he will probably get the blame of the entire thing
Trial by media anyone? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM/RPC story (Analogy) ww (Aug 31)
- RE: DCOM/RPC story (Analogy) Steven Fruchter (Aug 31)
- <Possible follow-ups>
- RE: DCOM/RPC story (Analogy) Nick FitzGerald (Aug 31)
- RE: DCOM/RPC story (Analogy) madsaxon (Aug 31)
- Re: DCOM/RPC story (Analogy) Jennifer Bradley (Aug 31)
- Re: DCOM/RPC story (Analogy) Kristian Hermansen (Sep 01)
- Re: DCOM/RPC story (Analogy) Jarmo Joensuu (Sep 01)
- RE: DCOM/RPC story (Analogy) Schmehl, Paul L (Sep 01)
- Re: DCOM/RPC story (Analogy) morning_wood (Sep 01)
- Re[2]: DCOM/RPC story (Analogy) Marc Chabot (.net) (Sep 01)
- Re: DCOM/RPC story (Analogy) morning_wood (Sep 01)