Full Disclosure mailing list archives
RE: MyDoom download info
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 02 Feb 2004 11:45:48 +1300
Steve Wray <steve.wray () paradise net nz> wrote:
Paul, your quoting is a bit off there (makes it look as if I wrote that), but to address the points, as one person wrote, its difficult to spread fast when you are trying to be stealthy; I would argue that if one is stealthy enough, one doesn't need to spread fast since one is trying to evade detection rather than evading elimination. If a virus could spread slowly but stealthily, it could be all over the planet and activated before any antivirus vendor became aware of its presence and came out with a fix; it wouldn't matter much if it took a year of quiet spreading. Sometimes (and here I go sounding paranoid again) it seems that the viruses and worms we see are nothing but a smokescreen; they are SO VERY obvious. so-called 'script kiddies' and the old school vxers wanted a quick hit of adrenalin. Organised crime syndicates are a lot more patient.
I think you are missing something rather important here... You do not have to be stealthy to be successful. The "bad guys" (VX'ers, organized crime,however you paint it) seem to have worked out that if you hit a few million Email addresses you will get run on a several hundred to a few thousand machines that are not only not "protected" with AV and/or a firewall (or that will be left for quite some time with them disabled after your code disables them) but which have always-on high-speed Internet connections. That's probably enough machines for several weeks to months of their nefarious uses, with many of the machines slowly getting picked off as complaints to the service providers escalate to the point where the individual owners have their access denied until they "fix" their machines. This is a classic negative application of the much-vaunted "autonomy" of the Internet. Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: MyDoom download info Nico Golde (Jan 31)
- <Possible follow-ups>
- Re: MyDoom download info Valdis . Kletnieks (Jan 31)
- Re: MyDoom download info Nick FitzGerald (Jan 31)
- Re[2]: MyDoom download info Thierry (Jan 31)
- Re[2]: MyDoom download info J.A. Terranson (Jan 31)
- Re: MyDoom download info B$H (Feb 13)
- Re: MyDoom download info Ron DuFresne (Feb 13)
- Re[2]: MyDoom download info Thierry (Jan 31)
- Re: MyDoom download info Roland Dobbins (Jan 31)
- RE: MyDoom download info Steve Wray (Feb 02)
