On Tue, Aug 12, 2003 at 06:31:31PM -0400, Justin Shin wrote:
note -- im not trying to encourage this stuff, i am just pointing out some key flaws
in this worm. the next one may have all of these features and much more, because I
am not a very creative guy.
Yes, this worm is rather stupid.
On Wednesday 13 August 2003 02:08 pm, Joey wrote:
SNIP
Since the exploit
was released for the most important service in windows that supposedly
makes windows impossible to run if you disable it, I think microsoft has no
credibility to say their OSs are secure or most secure version of
:51 PM
To: Justin Shin; [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] smarter dcom worm
You are correct in that this worm sucks but I think you could more
eloquently put it as this is probably the biggest pile of shit glued
together crap ass excuse for a worm that I've ever seen
Maybe even some polymorphic code and PE injection.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of SPAM
Sent: Wednesday, August 13, 2003 12:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] smarter dcom worm
imho netbios and tftp are good enough
-Original Message-
From: Bassett, Mark
Sent: Wednesday, August 13, 2003 1:56 PM
To: 'gml'
Subject: RE: [Full-Disclosure] smarter dcom worm
Using Netbios over the internet would not be a very reliable spreading
technique. It would work great for LAN infection. Besides someone
might
...or AV/Firewall killing.
msblast is very sloppy. The fact that it uses the old code that reboots the computer ruined their hopes of spreading undetected. Now if you are unpatched, chances are(random IP generating taken into account), your computer will reboot at least once a day or more. Some
: Tuesday, August 12, 2003 6:32 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] smarter dcom worm
As many people have said, this worm sucks. First of all, look at the host
discovery mechanism. Random IP's are so outdated. A better idea? Start
with:
1. Subnet (192.168.x.x)
2. WAN Address
12, 2003 3:32 PM
| To: [EMAIL PROTECTED]
| Subject: [Full-Disclosure] smarter dcom worm
|
|
| As many people have said, this worm sucks. First of all, look at
| the host discovery mechanism. Random IP's are so outdated. A
| better idea? Start with:
|
| 1. Subnet (192.168.x.x)
| 2. WAN Address
] On Behalf Of Justin Shin
Sent: Tuesday, August 12, 2003 6:32 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] smarter dcom worm
As many people have said, this worm sucks. First of all, look at the host
discovery mechanism. Random IP's are so outdated. A better idea? Start
with:
1
As many people have said, this worm sucks. First of all, look at the host discovery
mechanism. Random IP's are so outdated. A better idea? Start with:
1. Subnet (192.168.x.x)
2. WAN Address [for nat's] (24.31.34.x)
3. Incremental WAN (24.31.x.x)
Obviously not a new idea but also not a bad
10 matches
Mail list logo