«

"Enkidu" wrote
> I took the first post in this thread to be sarcasm....

nope, wasn't sarcasm, I just think that if people really want to cause
chaos, they could do it with a bit more thinking.

IRO wrote:
> In article <bhmnhq$mm7$>,
> "Nicholas Sherlock" <> wrote:
>
>>> Heaven forbid. A really sinister worm would be one that propogates
>>> slowly and discretely, without bombing networks and drawing
>>> attention to itself. Who knows, maybe such a beast is already at
>>> work?
>>
>> If it was successful at propogating, people would notice the traffic
>> really quickly. If the vulnerability that allowed it to spread was
>> discovered, people would notice the connection attempts.
>
>
> What if the rate of propogation was low enough that it didn't attract
> attention? I gather this latest worm was only spotted because its
> author hadn't allowed for some bug in Windows and it kept crashing
> computers, a strict no-no if you want to spread far & wide undetected.
> If it only replicated itself infrequently and, say, in the middle of
> the night. it would take longer to spread but there's a good chance
> no-one would notice until huge numbers of computers had been infected.

If every computer only infected 2 other computers and stopped, you'd still
eventually get hundreds of connection attempts to firewalls . The only way
it could spread undetected is if nobody noticed connection attempts, the
vulnerability wasn't known by anyone and nobody noticed a foreign program
running on their computer.

Cheers,
Nicholas Sherlock

On Sun, 17 Aug 2003 17:51:52 +1200, Jacob Boehme
<> wrote:

>T.N.O allegedly said:
>
>>
>> Anyway, thats my 2c... next time make it smarter... make it more of a
>> challenge.
>
>Two possible reasons:
>
>1. the virus writer wasn't very skilled.
>
>2. the virus was released with intentional flaws - the reasons for which
>would be best known to the author.
>
>The first is simple enough.
>
>The second is more worrying. If the aim of the writer was to use the virus
>as a tool to produce certain events/ actions.....did they get what they
>wanted out of what actually happened?
>
>For example: could this virus be a "fire drill"? The way they do it to test
>how many people got out of the building and how fast they got out?
>
>The knowledge thus gained could refine the virus.....or responses to such a
>virus.
>
>Or something else altogether.
>

Perhaps hack MS's update server and modify the patch that everyone is
downloading in response to MBlast.

On Tue, 19 Aug 2003 08:41:57 +1200, Bret wrote:

>
> Perhaps hack MS's update server and modify the patch that everyone is
> downloading in response to MBlast.

Or see how they dodge the bullet.

The last DDoS virus attacked whitehouse.gov by IP number. The US govt
repsodned by changing the IP of the server.

This time, windowsupdate.com was targetted.

Next time, windowsupdate.microsoft.com will be the target, possibly with
all the akamai mirrors too.