Security Incidents mailing list archives
Re: WMF Threat OK , but no huge attack ... WHY ?
From: Jose Nazario <jose () monkey org>
Date: Mon, 9 Jan 2006 16:21:15 -0500 (EST)
On Mon, 9 Jan 2006 pejman.gohari () gmail com wrote:
WMF was a perfect Zero-Day attack and a scenario like the blackout of Internet was possible ? but nothing ? or no important attack! No BOT virus deployed? No DOS worm attack? ? All hackers become white-hat? Or they attacked and we didn?t see anything? Any hypothese / explanation ?
didn't see anything? where have you been? we tracked several dozen variants of WMF-linked malware which included bot functionality. as for massive takedown of the internet ... well, no. didn't see that. don't forget this required human intervention, and the proliferation of screening technology made this pretty easy for some sites to block. secondly, the bulk of what you could do with WMF-related malware was trigger another download. most of those were found and blocked in one way or another pretty quickly. anyhow, it was a serious incident, it was managed, and it's been taken care of in large measure ... ________ jose nazario, ph.d. jose () monkey org http://monkey.org/~jose/ http://infosecdaily.net/ http://www.wormblog.com/
Current thread:
- WMF Threat OK , but no huge attack ... WHY ? pejman . gohari (Jan 09)
- Re: WMF Threat OK , but no huge attack ... WHY ? Jose Nazario (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? jim (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Byron Sonne (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Chris Byrd (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Thierry Zoller (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Valdis . Kletnieks (Jan 11)
- <Possible follow-ups>
- WMF Threat OK , but no huge attack ... WHY ? k levinson (Jan 11)
- RE: WMF Threat OK , but no huge attack ... WHY ? Ward, Patrick James (Jan 11)