You're talking in circles again, what? No, I'm just trying to explain the obvious to someone who doesn't quite get it.
You're going to need a host, to link to, and if you haven't already rooted the client your only other option is your own server, which would be like robbing a bank but leaving your driver's license.
It isn't difficult to find a host to link to, without leaving any trace back to the perpetrator, if the perpetrator already has a pool of compromised servers to choose from. They won't last much longer than the time it takes to investigate and disassemble the worm, but by then the damage will already be done to everyone who fell for it.
And while you correctly pointed out that firewalls would limit propagation, one could always link back to the compromised system that was used to send the email. It won't work all the time, but it's not necessary for it to work every time. And it would distribute the task and make it much more difficult to stop the propagation.
There's simply not much way this can be exploited, despite the obvious attempt of the author to distract from the Linux virus debacle.
Wow, where do I begin?
- Exploiting this bug is trivial and is easily made untraceable. It's not terribly efficient and probably won't spread as wide/fast as recent ones, but if one simply wants a pool of compromised systems for other illegal purposes, it's sufficient.
- Salo simply posted a report that was widely distributed among a number of tech news sites. There's no conspiracy here.
- What Linux virus? Oh, you mean the Windows worm that you insist was originated by a Linux user? Are we now labeling attacks by the OS that you suspect the perpetrator is running, without any evidence at all?
- What debacle? SCO's recent day in court, where they got slapped down by a judge and were ordered to present their evidence in detail, or face dismissal of their suit?
I read your whole post and started to reply, but it's not necessary: the attack you describe is barely dependent, if at all, on this particular IE hole for success, your questionable assumptions about original and duplicate host production and protection notwithstanding.
So while you seem to be very, if not interestingly, well versed in virus creation methods, this particular hole isn't even necessary for your described exploit, therefore apparently being another attempt to distract attention from the "SCO Denial of Service Worm" (like that one better?).