funsec mailing list archives

RE: Cambridge Professor Warns of Skype Botnet Threat


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 28 Jan 2006 00:00:37 +1300

Austin wrote:

A SIP worm would have a pretty killer "locality" aspect. Hitting all the
other SIP-enabled devices in someone's address book would be a great way
to compromise a single large site quickly, especially since network-wide
rollouts of VoIP usually have homogenous hardware.

Besides the personal exposure risk, think about the local DDoS you could
get from compromising a couple hundred Cisco 7971s with gigabit ports...
Bring down the local VLANs, and saturate all those shiny inter-office
links that give preferential QoS to VoIP traffic...

And you think this is different from an Outlook mass-mailer that uses 
the global address book for its address harvesting _back in the days 
before hardly anyone bothered doing (serious) virus scanning of Email_, 
how?

A large multi-national's distributed LAN with, say, 125,000 registered 
users (all contactable through the "All-Staff" (and then multiply via 
whichever of "All-Clerical", "All-Sales", "All-Techsupport", "All-DC", 
"All-NY", "All-Seattle", "All-SJ", etc, etc, etc they rightly belonged 
to)) and "lucky" enough to have only two or three users dumb enough to 
double-click that attachment would generate several tens of millions of 
messages within a few minutes -- although many pulled the (external) 
plug on their mail systems there was really no need -- if it didn't 
rapidly melt down of its own accord, the server farm running 
Exchange would be groaning for hours and hours just trying to handle 
the _en_queueing load...

Not saying that your VOIP scenario is not bad, BUT any senior corporate 
IT'ers who lived through W97M/Melissa or VBS/LoveLetter or any of 
several other "show-stopper" mass-mailers back in the "bad old days" 
who have allowed a VOIP roll-out of the form you describe should be 
fired now and someone competent found to replace them.

Oh wait -- that's right, we don't teach folk about the IT mistakes of 
the past and collectively MOST of IT forgets whatever it learnt about 
security the week before last!

...

Or, in short -- SSDD...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

