Full Disclosure mailing list archives

RE: MyDoom download info
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 02 Feb 2004 11:45:48 +1300

Steve Wray <steve.wray () paradise net nz> wrote:

Paul, your quoting is a bit off there (makes it look as if I wrote that),
but to address the points, as one person wrote, it's difficult to spread
fast when you are trying to be stealthy; I would argue that if one is 
stealthy enough, one doesn't need to spread fast since one is trying to 
evade detection rather than evading elimination.

If a virus could spread slowly but stealthily, it could be all over
the planet and activated before any antivirus vendor became aware
of its presence and came out with a fix; it wouldn't matter much
if it took a year of quiet spreading.

Sometimes (and here I go sounding paranoid again) it seems that the
viruses and worms we see are nothing but a smokescreen; they are
SO VERY obvious.

So-called 'script kiddies' and the old school vxers wanted a quick hit
of adrenalin. Organised crime syndicates are a lot more patient.

I think you are missing something rather important here...

You do not have to be stealthy to be successful.

The "bad guys" (VX'ers, organized crime, however you paint it) seem to
have worked out that if you hit a few million Email addresses you will
get run on several hundred to a few thousand machines that are not
only not "protected" with AV and/or a firewall (or that will be left
for quite some time with them disabled after your code disables them)
but which have always-on high-speed Internet connections.  That's
probably enough machines for several weeks to months of their nefarious
uses, with many of the machines slowly getting picked off as
complaints to the service providers escalate to the point where the 
individual owners have their access denied until they "fix" their 
machines.

This is a classic negative application of the much-vaunted "autonomy" 
of the Internet.


Regards,

Nick FitzGerald
