Re: [Full-Disclosure] smarter dcom worm

ROTECTED]> Sent: Wednesday, August 13, 2003 6:57 AM Subject: RE: [Full-Disclosure] smarter dcom worm > I agree with Justin. You would think that by now someone would write a > random address generator that would solve the obvious timing problems that > Most worms seem to suffer from.

RE: [Full-Disclosure] smarter dcom worm

3 6:51 PM To: Justin Shin; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] smarter dcom worm You are correct in that "this worm sucks" but I think you could more eloquently put it as "this is probably the biggest pile of shit glued together crap ass excuse for a worm" that I

RE: [Full-Disclosure] smarter dcom worm

RE: [Full-Disclosure] smarter dcom worm You are correct in that "this worm sucks" but I think you could more eloquently put it as "this is probably the biggest pile of shit glued together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT to say it is not b

RE: [Full-Disclosure] smarter dcom worm

You are correct in that "this worm sucks" but I think you could more eloquently put it as "this is probably the biggest pile of shit glued together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT to say it is not being affective and damaging though. It is definitely a bad one. I

RE: [Full-Disclosure] smarter dcom worm

I agree with Justin. You would think that by now someone would write a random address generator that would solve the obvious timing problems that Most worms seem to suffer from. I was thinking more along the lines of Generating a random IP but on the first 3 octets and going through the Entire cl

RE: [Full-Disclosure] smarter dcom worm

Maybe even some polymorphic code and PE injection. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SPAM Sent: Wednesday, August 13, 2003 12:56 AM To: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] smarter dcom worm imho netbios and tftp are good enough

Re: [Full-Disclosure] smarter dcom worm

On Tuesday 12 August 2003 04:51 pm, Marc Maiffret wrote: > You are correct in that "this worm sucks" but I think you could more > eloquently put it as "this is probably the biggest pile of shit glued > together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT > to say it is not be

Re: [Full-Disclosure] smarter dcom worm

TED] On Behalf Of Marc Maiffret > Sent: Tuesday, August 12, 2003 7:51 PM > To: Justin Shin; [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] smarter dcom worm > > You are correct in that "this worm sucks" but I think you could more > eloquently put it as "this is

RE: [Full-Disclosure] smarter dcom worm

...or AV/Firewall killing. msblast is very sloppy. The fact that it uses the old code that reboots the computer ruined their hopes of spreading undetected. Now if you are unpatched, chances are(random IP generating taken into account), your computer will reboot at least once a day or more. Some pe

Re: [Full-Disclosure] smarter dcom worm

On Wednesday 13 August 2003 02:08 pm, Joey wrote: > Since the exploit > was released for the most "important" service in windows that supposedly > makes windows impossible to run if you disable it, I think microsoft has no > credibility to say their OSs are secure or "most secure version of wind

Re: [Full-Disclosure] smarter dcom worm

On Tue, Aug 12, 2003 at 06:31:31PM -0400, Justin Shin wrote: > note -- im not trying to encourage this stuff, i am just pointing out some key flaws > in this worm. the next one may have all of these features and much more, because I > am not a very creative guy. Yes, this worm is rather stupid