Full Disclosure mailing list archives

Re: Mydoom: perfect storm averted or just ahead?

From: Roelof Temmingh <roelof () sensepost com>
Date: Thu, 29 Jan 2004 10:49:23 +0200 (SAST)

2.  It would be difficult for a malicious programmer, cyber terrorists or
cyber activists to target a specific environment and protect others ( Eg.,
launch denial of service against SCO.com because I like LINUX and don?t like
SCO legal actions.  Protect my computer at Berkley.edu because I don?t want
to effect my own Email.)  Programmers can easily modify code and launch an
attack against another environment.


Not sure I totally agree here. While it is difficult to target a specific
network or system with worm technology it is possible - to an certain
extent at least. Refer to http://www.sensepost.com/misc/bh2003lv.doc for
some ideas on how that could be done. The document describes attacks that
are wide-spread, yet focussed - it was presented at BlackHat, Las Vegas,
2003.

my 1c,
Roelof.

=====================
Roelof Temmingh
roelof () sensepost com
+27 12 667 4737
GMT+2
=====================


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Mydoom: Perfect Storm Averted or Just Ahead? WolfgangK (Jan 28)
- Re: Mydoom: Perfect Storm Averted or Just Ahead? Randal L. Schwartz (Jan 29)
  - Re: Mydoom: Perfect Storm Averted or Just Ahead? Collin R. Mulliner (Jan 29)
- Re: Mydoom: Perfect Storm Averted or Just Ahead? Papp Geza (Jan 29)
- <Possible follow-ups>
- Mydoom: perfect storm averted or just ahead? Computer Security (Jan 29)
  - Re: Mydoom: perfect storm averted or just ahead? Roelof Temmingh (Jan 29)