[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Windows Dcom Worm planned DDoS

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
From: Reveret Julien <shaddai@nerim.net>
Date: Wed, 13 Aug 2003 00:59:27 +0200

On Tue, Aug 12, 2003 at 07:02:37PM +0200, Sebastian Niehaus wrote:
> > And, of course, if MS started messing with the DNS entries for 
> > windowsupdate.com, it would be cutting an awful lot of users off from 
> > much needed updates. which could be as disturbing as the rest of the 
> > worm's effects...
> 
> Could be a nice feature of a worm to modify the "hosts" file and
> prevent infected maschines to do DNS lookups.

Interesting concept :)

> Users typing "www.microsoft.com" into their browsers could be tricked
> into downloading stuff from hostile servers and the "windows update"
> could be disabeled easily.

What if someone shutdowns the server ? I think a worm could be more
efficient by disabling windowsupdate.com (ptr to 127.0.0.1), preventing
users from patching easily their system.

> This probably istn't a new concept, eh?

I don't know.

-- 
We are the knights who say 
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlbxq'|dc

PGP signature

References:
- Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: Nick FitzGerald <nick@virus-l.demon.co.uk>
- Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
  - From: Sebastian Niehaus <killedbythoughts@mindcrime.net>

Prev by Date: Re: [Full-Disclosure] Blaster: will it spread without tftp?
Next by Date: Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
Prev by thread: Re: [Full-Disclosure] Re: Windows Dcom Worm planned DDoS
Next by thread: Re: [Full-Disclosure] Windows Dcom Worm planned DDoS
Index(es):
- Date
- Thread