Full Disclosure mailing list archives
RE: DCOM/RPC story (Analogy)
From: "Steven Fruchter" <steven_fruchter () hotmail com>
Date: Sun, 31 Aug 2003 15:54:08 -0700
Well harmless? He added in a backdoor called Lithium, so that he can remotely connect to each exploited machine, and had them contact his website so he can keep track of who is infected, and control them (DDoS). So yes he did leave in the attack against MS update site but he also added in his own little tricks which is what got him caught.

-Steven Fruchter

-----Original Message-----
From: ww () styx org [mailto:ww () styx org]
Sent: Sunday, August 31, 2003 3:31 PM
To: Steven Fruchter
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] DCOM/RPC story (Analogy)

On Sun, Aug 31, 2003 at 12:19:35PM -0700, Steven Fruchter wrote:
That is completely moronic to act as if he did not do anything but just hex edit the code and change the name for example on the .exe. He also like a moron had the infected drones contact his website (which he is registered to) so that he can see who has been infected to control them. This means that he had more than just wanting to change the name of an .exe for example, it shows his intent.
I was not aware of this. Yes, it changes the scenario somewhat: it mitigates the amount of "damage" that could be caused by the worm if he had just changed some text strings. Consider: all drones controlled by a single entity or drones controlled by multiple uncoordinated entities. Which has the greatest potential for, say, a coordinated DDOS attack? Of course disrupting the worm's control mechanism probably wasn't his intent. So maybe he's a bit misguided but mostly harmless.
Regardless of what he did or didn't do, he will probably get the blame of the entire thing
Trial by media anyone?