Full Disclosure mailing list archives
w32.frethem.k@mm and good reading
From: full-disclosure () lists netsys com (Ron DuFresne)
Date: Mon, 15 Jul 2002 14:10:07 -0500 (CDT)
On Mon, 15 Jul 2002, Mark J. Walborn wrote:
Has anyone encountered the above mentioned worm? Several anti-viral software companies have posted updates as of midnight..
Trend Micro released this announcement on it recently:

<quote>
This non-destructive, memory-resident variant of WORM_FRETHEM.D propagates via email. It arrives as an attachment with the following details:

Subject: Re: Your password!
Message Body: You can access very important information by this password DO NOT SAVE password to disk use your mind now press cancel
Attachment: DECRYPT-PASSWORD.EXE PASSWORD.TXT

On systems with unpatched Internet Explorer, the file attachments automatically execute when this email message is previewed or opened in Microsoft Outlook and Outlook Express.

WORM_FRETHEM.K is detected by pattern file #317.

For more information on WORM_FRETHEM.K please visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FRETHEM.K
</quote>
Also, I found the following article of interest.

By Robin Miller, NewsForge.com
Posted: 06/06/2002 at 12:10 GMT
[article SNIPPED]

The article in question discusses security through obscurity, which is not viewed as sound by most folks in the security arena. If the skript kiddies looked hard enough they surely could find older sploits for such systems, if they took the time to attempt to identify the underlying OS to any degree, and surely better crackers will take that time.

Of course there is this bit on the issue recently:

<quote>
How often hackers attack, and what they're after.

Attack activity against corporate networks went up significantly in the first half of 2002 when compared with the second half of 2001, but the good news is that the incidence of highly sophisticated attacks was low between January and June this year. Despite the increased activity, the number of attacks that are considered highly aggressive or sophisticated was less than 1 percent. When highly aggressive attacks occur, they are more than 26 times more likely to have severe effects than attacks that are classified as moderately aggressive, so even the small percentage of such attacks remains cause for concern. (Internet Week, 11 Jul)
</quote>

Which begs the question, are more sophisticated attacks really reduced, or are more of them actually going undetected?

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.