RE: DCOM/RPC story (Analogy)

[Nick FitzGerald <nick () virus-l demon co uk>]

madsaxon <madsaxon () direcway com> wrote:

> At 12:19 PM 8/31/03 -0700, Steven Fruchter wrote:
> > That is completely moronic to act as if he did not do anything but just 
> > hex edit the code and change the name for example on the .exe .  He also 
> > like a moron had the infected drones contact his website (which he is 
> > registered to) so that he can see who has been infected to control them. \
>
> Assuming that he is, in fact, responsible.  If I wanted
> to release a worm and blame someone else for it, the first thing
> I'd do is pick out some basically clueless kiddie who's been
> bragging about his skillz on IRC and set him up exactly like
> this.  Next thing you know, the FBI and virtually everyone on
> the planet is convinced he's guilty, and I get off scot free,
> ready to release my next new and improved worm. Piece o' cake.

Yeah, good plan...

Though, please explain how you would do the remote profiling to be sure 
that the clueless kiddie bragging about his skillz on IRC is the type 
who will confess to precisely the required actions when the FBI comes 
knocking a week or so later?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html