Security Incidents mailing list archives
CRv2 - Questions
From: "The Death" <thedeadh () netvision net il>
Date: Fri, 20 Jul 2001 23:40:31 +0200
Hello people.
I have few questions:
1) Is it known if the CRv2 worm will function like CRv1, in the matter of
c:\noworm ? If so, then systems who were once infected (with the CRv1 worm)
will actually not go trough step 7 (attacking www.whitehouse.gov)
2) Is it known for the destenation of attack used by the CRv2 worm? Is it
still trying to attack the blocked IP as CRv1 ?
3) What, do you think, caused the 'black hat' who made CRv1 to release CRv2?
It isn't too smart to send CRv1 to "check the ground", as CRv1 brought alot
of awareness to the bug exploited, therefore CRv2 will have much less hosts
to exploit. Might it be that the 'black-hat' was not aware of the short
period of the PRNG he designed?
Regards,
The Death
thedeadh () netvision net il (this is not a typo)
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
Current thread:
- CRv2 - Questions The Death (Jul 21)
- Re: CRv2 - Questions Nick FitzGerald (Jul 22)
- RE: CRv2 - Questions The Death (Jul 22)
- Re: CRv2 - Questions Steffen Dettmer (Jul 23)
- RE: CRv2 - Questions The Death (Jul 23)
- RE: CRv2 - Questions Jose Nazario (Jul 23)
- Re: CRv2 - Questions Ronald Tse (Jul 24)
- RE: CRv2 - Questions The Death (Jul 24)
- RE: CRv2 - Questions The Death (Jul 22)
- Re: CRv2 - Questions Nick FitzGerald (Jul 22)