New chapter in malware?

  1. #1
    Senior Member therenegade
    Join Date
    Apr 2003
    Posts
    400

    New chapter in malware?

    Very, very worrying article, I feel for you admins out there, I really do lol
    I posted it here cos it was a bloody good read, and it had a few new ideas I didn't know could be done, the random number generator not being the least. Yet another confirmation that BlackIce isn't up to par?



    http://www.astalavista.com/index.php...ils&newsid=257
    http://www.computerworld.com/securit...,91528,00.html

  2. #2
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,

    What I find interesting is the motivation, rather than the methodology? OK there have been DoS/DDoS attacks against a few commercial targets, but this one is a bit different, given that it is so selective?......and much more subtle?

    You will notice that it only works against unpatched/obsolete product?, and only from one company.

    It is the kind of approach I would expect from disgruntled employees, extortionists or terrorists, rather than your average malware author?

    Also it was rather too well done and far too quick to be reverse engineering of a published vulnerability?

    It will be interesting to see what else emerges?

    Cheers...........interesting read



  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    I agree with nihil, especially on the fact that this was done far too quickly for it to not be an insider job... maybe someone looking for job security
    find / -name "*your_base*" -exec chown us:us {} \;
    Trust No One
    Use Hardened Gentoo
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  4. #4
    Member
    Join Date
    Nov 2003
    Posts
    67
    I agree with nihil, especially on the fact that this was done far too quickly for it to not be an insider job... maybe someone looking for job security
    or an individual just trying to prove a point..


    Cheers
    The Only Way to be Safe is To Never Be Secure.
    Benjamin Franklin

  5. #5
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Witty targeted a vulnerability in Black Ice and infected 12000 computers in only 45 minutes. And something new is that it had a specific target and was successful!

    If it had used common Windows vulnerabilities to spread, it would have been the most damaging worm we have seen yet. Worm writers learn from each other, and we have to assume that other worm writers have seen the disassembled code and will reuse it in future worms. Even worse, Witty's author is still unknown and at large -- and we have to assume that he's going to do this kind of thing again.
    I'm sure the deviants are already planning a new surprise.

    cheers.
    Connection refused, try again later.
