Re: [Full-Disclosure] recent RPC/DCOM worm thought
THANK YOU... i've been telling many people this conspiracy theory. i didn't want to post my .2 cents since it's not security related. but here's my reasons.

they used an old, off the shelf version of this exploit. didn't modify it much. let's face it. there's much better ways of being stealthy with this vuln. not to mention it's attacking the WRONG site. i believe all updates come from update.microsoft.com although it is possible for the domain to resolve the same address.

k so that out of the way let's go on to the method of spreading. i think we can all agree sequential scanning can get lengthy rather than code red's solution. not to mention using tftp to just copy itself. given that's an easy option and everyone has it. and yes, 4 (or sometimes 5) days is a bit greedy for a worm whose sole purpose is to ddos _A_ website.

i definitely am glad other people have thought about this. the only other option is some lame script kiddie had his brother code this thing, and it took this long (given the amount of time that source was released) to write this poor excuse for a worm. i'm just glad it wasn't as malicious as it could have been judging by how many of my friends were affected by this. just goes to show they really don't listen to you when you tell them to patch their computer almost a month ago. i've even had some people say "i let my firewall down to get a better ping on my game and all of a sudden i had to reboot". goes to show that games really do more harm than meets the eye, heh.

i feel that there were more reasons for my conspiracy theory but just saying this is enough to raise a few brows.

----- Original Message -----
From: Eichert, Diana [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 5:42 AM
Subject: [Full-Disclosure] recent RPC/DCOM worm thought

I've been thinking about how poorly this worm was written and how it really wasn't very malicious, just very time consuming, forcing people/companies to install patches to their systems.

Now here's an alternative thought about it. What if someone purposely wrote this worm to get the attention of people to patch their systems, not to DOS the mickeysoft upgrade site.

If they really wanted to create a DOS against a website they wouldn't have postponed it for 4 days. That's a long time in today's world.

I mean if you were mickeysoft and there was a known security hole wouldn't it be in your best interest to have the first real exploit of it be relatively benign? It gets everyone's attention and they are forced to install the latest security patch.

anyway, my US$.02 worth

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
RE: [Full-Disclosure] recent RPC/DCOM worm thought
Seems a good point to me...

Serge
RE: [Full-Disclosure] recent RPC/DCOM worm thought
If Microsoft were as evil an empire as they are perceived to be, then wouldn't they already have the backdoor to your system to apply the patch anyway? If so then why go through the pain in the ass to write a shoddy worm and draw bad publicity to the company?

* Digital Rights Management (Security). You agree that in order to protect the integrity of content and software protected by digital rights management (Secure Content), Microsoft may provide security related updates to the OS Components that will be automatically downloaded onto your computer. These security related updates may disable your ability to copy and/or play Secure Content and use other software on your computer. If we provide such a security update, we will use reasonable efforts to post notices on a web site explaining the update.

-d
RE: [Full-Disclosure] recent RPC/DCOM worm thought
Interesting thought, but I would have to say that it really goes deeper than that.

If Microsoft were as evil an empire as they are perceived to be, then wouldn't they already have the backdoor to your system to apply the patch anyway? If so then why go through the pain in the ass to write a shoddy worm and draw bad publicity to the company?

Think about the anti-virus companies and, well, every security software product out there, that is racing to be the first to detect or remediate X new variant of the worm. What an opportunity for market traction and visibility, wouldn't you say?

My USD 0.02.

Cheers,
Kerry

-----Original Message-----
From: Eichert, Diana [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 7:42 AM
To: '[EMAIL PROTECTED]'
Subject: [Full-Disclosure] recent RPC/DCOM worm thought

I've been thinking about how poorly this worm was written and how it really wasn't very malicious, just very time consuming, forcing people/companies to install patches to their systems.

Now here's an alternative thought about it. What if someone purposely wrote this worm to get the attention of people to patch their systems, not to DOS the mickeysoft upgrade site.

If they really wanted to create a DOS against a website they wouldn't have postponed it for 4 days. That's a long time in today's world.

I mean if you were mickeysoft and there was a known security hole wouldn't it be in your best interest to have the first real exploit of it be relatively benign? It gets everyone's attention and they are forced to install the latest security patch.

anyway, my US$.02 worth
Re: [Full-Disclosure] recent RPC/DCOM worm thought
On Wed, 13 Aug 2003 14:20:22 CDT, Kerry Steele [EMAIL PROTECTED] said:

> If Microsoft were as evil an empire as they are perceived to be, then
> wouldn't they already have the backdoor to your system to apply the
> patch anyway? If so then why go through the pain in the ass to write a
> shoddy worm and draw bad publicity to the company?

If their backdoor worked as well as their front door, the backdoor patch would fail, and then they'd have to face the derision of:

1) The original bug
2) Having put in a backdoor
3) Getting it wrong.

If they release a worm to do it, they only have to suffer (1).
RE: [Full-Disclosure] recent RPC/DCOM worm thought
Why build in a backdoor when you can just write crappy code?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kerry Steele
Sent: Wednesday, August 13, 2003 3:20 PM
To: Eichert, Diana; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] recent RPC/DCOM worm thought

Interesting thought, but I would have to say that it really goes deeper than that.

If Microsoft were as evil an empire as they are perceived to be, then wouldn't they already have the backdoor to your system to apply the patch anyway? If so then why go through the pain in the ass to write a shoddy worm and draw bad publicity to the company?

Think about the anti-virus companies and, well, every security software product out there, that is racing to be the first to detect or remediate X new variant of the worm. What an opportunity for market traction and visibility, wouldn't you say?

My USD 0.02.

Cheers,
Kerry

-----Original Message-----
From: Eichert, Diana [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2003 7:42 AM
To: '[EMAIL PROTECTED]'
Subject: [Full-Disclosure] recent RPC/DCOM worm thought

I've been thinking about how poorly this worm was written and how it really wasn't very malicious, just very time consuming, forcing people/companies to install patches to their systems.

Now here's an alternative thought about it. What if someone purposely wrote this worm to get the attention of people to patch their systems, not to DOS the mickeysoft upgrade site.

If they really wanted to create a DOS against a website they wouldn't have postponed it for 4 days. That's a long time in today's world.

I mean if you were mickeysoft and there was a known security hole wouldn't it be in your best interest to have the first real exploit of it be relatively benign? It gets everyone's attention and they are forced to install the latest security patch.

anyway, my US$.02 worth