Full Disclosure mailing list archives

Re: Possible First Crypto Virus Definitely Discovered!


From: "Job 317" <job317 () mailvault com>
Date: Wed, 09 Jun 2004 05:01:10 +0200 (CEST)

Thought I might weigh in with a serious comment (although I might regret
it later ;) ).

Any Web hack attack can be sent using the openssl s_client program. You
pipe your attack over an SSL connection to port 443 (or to whatever port
is defined as an SSL port on the victim host).

This has been around for ages. Actually, I am a little surprised in
retrospect that I haven't seen much use of it.

Maybe I took this a little too seriously but this is nothing new.

Job

On  9-Jun-2004 03:00:18 +0200, you wrote:
We're all feeling a little silly today. This thread has kept me
chuckling all day tho. I don't know what's funnier, the tongue-in-cheek
replies or the serious ones!



On Tuesday 08 June 2004 16:06, Picciano, Anthony wrote:
Did I pick a weird day to join this maillist, or is it always this
silly?

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Micah McNelly
Sent: Tuesday, June 08, 2004 4:32 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Possible First Crypto Virus Definitely Discovered!


Greatest post of all time.

/me claps.

/m
----- Original Message -----
From: "Goudie, Derek" <derek.goudie () earthtech ca>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, June 08, 2004 1:54 PM
Subject: RE: [Full-disclosure] Possible First Crypto Virus Definitely Discovered!

Thanks!  I needed that....

-----Original Message-----
From: Jakob Jünger [mailto:krimskram () freenet de]
Sent: Tuesday, June 08, 2004 1:01 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Possible First Crypto Virus Definitely Discovered!

Hi,

I just can admit to what Billy wrote. The Firewall of my PDA is getting
hot. It plays "Yellow Submarine" every time I press the escape-key. It
has to be something like this crypto-thing. I don't know what "crypto"
means but it seems to be encrypted with EnglishLanguageProtocol.
Believe me, I have been the administrator of my PDA since I was three
years old.

Jakob

Whatever ssl is, I don't know but it's using the so-called "ssl"
port on the web servers.

But this port 443 is not SSH! Why should it be encrypted? And what
is this "ssl" thing? I've been in IT for many years and I am now IT
Director here at the bank... I would think that I would know what
"ssl" would be. I don't think this worm has anything to do with
whatever "ssl" is. Does anybody even still use ssl? That's probably
why the hackers chose it.

Sorry to say but it is not! I checked my incoming traffic again this
morning and the attack on port 443 is still coming in full steam ahead!
I don't know what's going on, but I am about to block that port on my
firewall. Some nitwit (probably the idiot that was here before I became
IT Director) somehow, for some reason, deliberately opened port 443 on
the firewalls!

I am beginning to think that this is the first wave of the new coming
global crypto-storm!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
