Security Incidents mailing list archives

Re: the better worm tutorial


From: "Allen Smith" <easmith () beatrice rutgers edu>
Date: Wed, 19 Sep 2001 12:02:02 -0400

On Sep 19, 11:43am, Roelof wrote:
(excuse the X posting - I don't know where it will be moderated)
Moderators,

Here are some comments and code on the new worm. Publish if you think it
might do any good. If not I'll understand 100%.

--cut--

Three things that could have made the worm better/worse:

1. Targeting
------------
The targeting sucks. Random targeting is just SO ancient, and it's
simply not nice.

Speaking of this... somebody was thinking that Nimda gets targeting
info from the web browser's history, as well as the address book? Does 
it actually do this? How about log files on the servers it infects? (I 
like lynx's capability of turning off the referer header...)

Bottom line? Well - just this - worms can be much more effective -
so beware - this is just the start. The Outlook/IE bit - nicely done
(in a severely twisted sense).

Quite.

        -Allen

-- 
Allen Smith                     easmith () beatrice rutgers edu
September 11, 2001              A Day That Shall Live In Infamy II
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." - Benjamin Franklin

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
