nanog mailing list archives
Re: Impending (mydoom) DOS attack
From: "Stephen J. Wilcox" <steve () telecomplete co uk>
Date: Sat, 31 Jan 2004 18:24:42 +0000 (GMT)
For the record, I fully believe that this worm (both variants) is designed to attack high profile targets in order to take the focus off of it's spamming capability and create uncertainty as to what group actually authored the worm. It is my firm belief that this worm was written by spammers for the purpose creating spam relays.
I'm not sure what the point of the DoS is if its intended to be a spam engine, that would have the effect of helping to identify and hence clean up the infections. Of course we're guessing about the spam connection, it doesnt have a spam engine in it, the mail capabilities are purely to redistribute itself... to do spam you need to add the engine via the backdoor. I'm tempted to think its nothing more than a bot and the backdoor is to allow the controller to go in and change its target. The DoS engine isnt that well written tho, this is odd too... Oh well, I guess we'll see tomoro! Steve
Current thread:
- Impending (mydoom) DOS attack bcm (Jan 30)
- Re: Impending (mydoom) DOS attack Chris Behrens (Jan 30)
- Re: Impending (mydoom) DOS attack Leo Bicknell (Jan 30)
- Lack of Info (was Re: Impending (mydoom) DOS attack) Sean Donelan (Jan 30)
- Re: Impending (mydoom) DOS attack Mike Tancsa (Jan 30)
- MyDoom statistics (was Re: Impending (mydoom) DOS attack) Sean Donelan (Jan 30)
- Re: Impending (mydoom) DOS attack Donovan Hill (Jan 30)
- Re: Impending (mydoom) DOS attack Leo Bicknell (Jan 30)
- Re: Impending (mydoom) DOS attack Laurence F. Sheldon, Jr. (Jan 30)
- Re: Impending (mydoom) DOS attack Donovan Hill (Jan 30)
- Re: Impending (mydoom) DOS attack Stephen J. Wilcox (Jan 31)
- Re: Impending (mydoom) DOS attack Valdis . Kletnieks (Jan 31)
- Re: Impending (mydoom) DOS attack Laurence F. Sheldon, Jr. (Jan 31)
- Re: Impending (mydoom) DOS attack Leo Bicknell (Jan 30)
- Re: Impending (mydoom) DOS attack Mikael Abrahamsson (Jan 30)
- <Possible follow-ups>
- Fw: Impending (mydoom) DOS attack james (Jan 30)