Security Incidents mailing list archives

Re: WMF Threat OK , but no huge attack ... WHY ?

From: Jose Nazario <jose () monkey org>
Date: Mon, 9 Jan 2006 16:21:15 -0500 (EST)

On Mon, 9 Jan 2006 pejman.gohari () gmail com wrote:

WMF was a perfect Zero-Day attack and a scenario like the blackout of
Internet was possible ? but nothing ? or no important attack!  No BOT
virus deployed? No DOS worm attack? ?

All hackers become white-hat?
Or they attacked and we didn?t see anything?

Any hypothese / explanation ?


didn't see anything? where have you been? we tracked several dozen
variants of WMF-linked malware which included bot functionality.

as for massive takedown of the internet ... well, no. didn't see that.

don't forget this required human intervention, and the proliferation of
screening technology made this pretty easy for some sites to block.
secondly, the bulk of what you could do with WMF-related malware was
trigger another download. most of those were found and blocked in one way
or another pretty quickly.

anyhow, it was a serious incident, it was managed, and it's been taken
care of in large measure ...

________
jose nazario, ph.d.                     jose () monkey org
http://monkey.org/~jose/                http://infosecdaily.net/
                                        http://www.wormblog.com/

Current thread:

WMF Threat OK , but no huge attack ... WHY ? pejman . gohari (Jan 09)
- Re: WMF Threat OK , but no huge attack ... WHY ? Jose Nazario (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? jim (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Byron Sonne (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Chris Byrd (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Thierry Zoller (Jan 11)
- Re: WMF Threat OK , but no huge attack ... WHY ? Valdis . Kletnieks (Jan 11)
- <Possible follow-ups>
- WMF Threat OK , but no huge attack ... WHY ? k levinson (Jan 11)
- RE: WMF Threat OK , but no huge attack ... WHY ? Ward, Patrick James (Jan 11)