Re: [Full-Disclosure] smarter dcom worm
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] smarter dcom worm
- From: Jeremiah Cornelius <jeremiah@nur.net>
- Date: Wed, 13 Aug 2003 09:36:10 -0700
On Tuesday 12 August 2003 04:51 pm, Marc Maiffret wrote:
<SNIP>
> You are correct in that "this worm sucks" but I think you could more
> eloquently put it as "this is probably the biggest pile of shit glued
> together crap ass excuse for a worm" that I've ever seen. >:-] That is NOT
> to say it is not being effective and damaging though. It is definitely a
> bad one.
<SNIP>
Thanks for getting this out there, Marc!
I have been trying to indicate to victims in my customer base that they should
be glad that this first round is a bit of a hassle, but maybe a blessing for
them, because the worm is junk code - just short of a dud.
Hey! Free, unscheduled assessment!
We will undoubtedly see a transition to a more robust transport and exploit
code, coupled with a more threatening payload - like the Code Red / Nimda
transition in 2001. I am afraid that the number of vectors will go up,
though. All the port-blocks and ACLs that drop Blaster will be conveniently
avoided for the next wave here. Anyone who cherry-picked symptomatic
approaches over a holistic application of depth defenses is still going to
be hit - and they'll wonder just how it could have happened again!
--
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: jcorneli@hotmail.com - mobile: 415.235.7689
"What would be the use of immortality to a person who cannot use well a half
hour?"
--Ralph Waldo Emerson