Information Security News mailing list archives
NetSec Response over Trojan scare: From HackerNews
From: William Knowles <wk () C4I ORG>
Date: Mon, 12 Jun 2000 11:05:20 -0500
http://www.hackernews.com/press/netsec.html

Date: 6/12/00 10:14 AM
Received: 6/12/00 11:58 AM
From: Scott Shreve, mss () netsec net
To: contact () hackernews com
CC: Jerry, jph () netsec net

Howdy all,

Just wanted to take a moment to respond to your top news article today. Nobody at NetSec ever said the Trojan was new. We stated that several thousand infected clients were being utilized for DDOS's by two administered servers.

As for this variant of SubSeven being incapable of performing a DDOS - that's incorrect. Unless my definition of DDOS is skewed, I'm relatively sure that an installed agent capable of producing a focused burst of packets from 1 of many infected clients (at a single target) and at the whim of a single point of administration is the very definition of a DDOS. NetSec was not surmising that the trojan was "possibly" a tool that could be used to perform a DDOS, the event was logged and recorded this past week. I think that the majority of the infected clients (who are in the process of being informed as I write) will disagree with Frank's opinion.

While the media has performed to their regular standard of sowing the seeds of FUD, we have been guilty of nothing more than attempting to alert people to the fact that many hosts have been put in a position to unknowingly wreak mayhem. If we wanted press, NetSec would release the list of infected clients - THAT would make good press.

Nobody said there was a cutting edge new tool out there. We just found definitive evidence that several thousand machines fell victim to a slightly modified version of an old tool. The binary has been torn apart and distributed to several sources in the vain attempt to perform a service to the community and avoid much of the mudslinging that is currently going on.
If anybody bothered to watch the CBS morning show they would have seen us state on National TV that the trojan was a modified version of SubSeven and the focus of the threat was not the "scariness" of the tool - it was the size of the infected populace and the serious nature of SOME of the infected clients.

NetSec does its best to detect impending problems before they occur, not after a bunch of kids have inconvenienced the hell (as well as cost a lot of money) out of some .com they have a grudge against. That's our job, that's what we do.

I'd appreciate it if this response was posted. It's certainly not an attempt to start a debate, merely to set the record straight.

Have a nice day.

___________________________
M. Scott Shreve
Director of NSOC Technologies
NETSEC
703.561.0420

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*