|
Full Disclosure
mailing list archives
Re: Authorities eye MSBlaster suspect
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 29 Aug 2003 23:19:28 +1200
Florian Weimer <fw () deneb enyo de> replied to "Larry Roberts":
The funnier thing would be if this was the guy tried to make the
variant that takes over your machine via the DCOM exploit and goes
out the windowsupdate.com and downloads the fix. That would be
hilarious!!!
This worm (which isn't a variant of the original one) ...
Correct -- the more clueful AV vendors were immediately aware of that
and thus gave it a new family name (pity they weren't clueful enough to
talk amongst each other and all settle on the _same_ new family name).
Thus the "try to install the DCOM RPC patch" worm is mainly known as
Nachi, Welchia and Welchi.
That has nothing to do with Blaster.B (or LovSan.B or MSBlast.B or
Poza.B or whatever other name your favourite AV calls what the media
seems to have settled on as "Blaster").
... is causing most
of the damage. Punishing the author would only be fair.
Yep.
And the hoary old chestnut "I didn't realize it would spread so far, so
fast or cause any damage" defense is bound to get another airing
despite its fundamental stupidity...
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
| 
Intro
