Security Incidents mailing list archives
Re: Flash Worms
From: Kevin Reardon <Kevin.Reardon () oracle com>
Date: Thu, 23 Aug 2001 17:13:07 -0700
This thing could spread without a master list. It would be after a set of ports that represent the hole it is to abuse, then attack using the list its parent gave it.

attack -> infect -> pass bifurcated address list -> attack

---K

Shoten wrote:
Now I do doubt anyone who would release this would have access to an OC-12 line to release the payload. But that doesn't mean he/she couldn't hack into a site that does. Or hack into multiple sites and release the payload from multiple sites at one time.

Sayyyy....have any universities been compromised lately?

But the real point here is not the initial release; it's the scanning for vulnerable IPs that happens BEFORE that, to develop the "master list" of targets. Any compromised site having full saturation of an OC-12-ish line due to a vulnerability scan of 0.0.0.0/0 is probably going to notice it, no matter HOW braindead they might be. But a distributed scan, in lieu of a DDoS, would work, although it does pose its own problems. Just build a zombie that will scan instead of DoS, and have some method by which you can reliably recover its results. Oooooh, here you go...have it both scan AND DDoS...have it DDoS you with ICMP that contains the slightly obfuscated/copyprotected (I hear Adobe's been doing great things with XOR lately, perhaps they want to chime in?) results of the scans.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com