Virus writers intelligence - just wondering.

 
 
T.N.O
      08-16-2003
Before anyone reads this, it is only my opinion, and just a thought about
how it (blaster) *should* have been done...

Having decided to read up on "blaster" tonight, I have begun to wonder why
don't the writers of virii like this, also put mailing capabilities into
them, I mean surely they could have got the virus to spread a lot more
rapidly if they also emailed it to all users in the address book

On arrival at a new host, run a script (so many OE users out there) of some
sort to check if AV or firewall software is running, shut it down, and
continue as normal, this may have also made it affect win9x boxes.

This would have also made it possible to attack a few more hosts for the
DDOS (assuming they got the DNS right maybe take out www.microsoft.com ,
www.windowsupdate.com , windowsupdate.microsoft.com and also a few others,
maybe some of the tech news sites, just to stop the news spreading... and
why give so many days notice to MS about the DDOS... surely this defeats the
purpose, and gives them time to prepare...

Anyway, that's my 2c... next time make it smarter... make it more of a
challenge.


 
T.N.O
      08-16-2003
Further to that...

"I" wrote
> I mean surely they could have got the virus to spread a lot more
> rapidly if they also emailed it to all users in the address book


Also, randomly making up names and spamming whole domains belonging to
people in the address book, as in, it sees that yourmum@xtra is in the
address book, so automatically emails bob@xtra george@xtra etc etc

> This would have also made it possible to attack a few more hosts for the
> DDOS (assuming they got the DNS right maybe take out www.microsoft.com ,
> www.windowsupdate.com , windowsupdate.microsoft.com and also a few others


Maybe chuck some of the anti virus sites on there for good measure.
Also, study the places where the updates are dished out from, maybe target
the servers that actually have the patches rather than webservers.

> why give so many days notice to MS about the DDOS... surely this defeats the
> purpose, and gives them time to prepare...


And why set it to happen on one particular day, why not set it to do it via
GMT time, so that it isn't really staggered via timezone.

> Anyway, that's my 2c... next time make it smarter... make it more of a
> challenge.


I'm not an advocate of this sort of crime, but if someone is going to do it,
at least put some thought to it.


 
Peter
      08-16-2003
this quote is from T.N.O of Sun, 17 Aug 2003 00:53 :
> Before anyone reads this, it is only my opinion, and just a thought about
> how it (blaster) *should* have been done...


yes - the Aardvark article last Thursday covered similar grounds, i.e. there
is scope for much better worms to be developed, in which case we would
suffer a lot more damages.
http://www.aardvark.co.nz/daily/2003/0814.shtml

No matter how hard we try, anti-virus software and patches will always be
playing catchup. Patches can only be made after a vulnerability is found,
and anti-virus software definitions only cover already known viruses.
Perhaps the only real defence is diversity of software. That way, only a
small portion of the population is affected by any one worm, and
exponential propagation is much more difficult.
To enable diversity of software (i.e. no software app or OS has majority of
market share), we need good standards and defined protocols.

It's a natural solution. Nature uses diversity in the gene pool, so that a
virus only wipes out a small portion of a species. A monoculture species
is easily obliterated.


Peter
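
The diversity argument in the post above can be made concrete with a toy epidemic model. This is an added example, not part of the original thread; it assumes a worm that probes addresses uniformly at random, and the host count, scan rate and platform shares are constructed values.

```python
# Added illustration (not from the thread): expected-value SI model of a
# random-scanning worm. All numbers below are constructed for the example.

def simulate(total_hosts, vulnerable_share, scans_per_step, steps, seed=1):
    """Return infected-host counts per time step.

    Every infected host probes `scans_per_step` addresses drawn uniformly
    from `total_hosts`. A probe only succeeds when it lands on a host that
    runs the vulnerable platform and is not infected yet.
    """
    vulnerable = total_hosts * vulnerable_share
    infected = float(seed)
    history = [infected]
    for _ in range(steps):
        susceptible = max(0.0, vulnerable - infected)
        hit_probability = susceptible / total_hosts
        new_infections = infected * scans_per_step * hit_probability
        infected += min(susceptible, new_infections)
        history.append(infected)
    return history


def steps_to_reach(history, target):
    """First step at which the infected count reaches `target`, else None."""
    for step, infected in enumerate(history):
        if infected >= target:
            return step
    return None


def compare_shares(shares, total_hosts=1_000_000, scans_per_step=2, steps=200):
    """Map each platform share to (steps until 10,000 hosts, final infected)."""
    results = {}
    for share in shares:
        history = simulate(total_hosts, share, scans_per_step, steps)
        results[share] = (steps_to_reach(history, 10_000), round(history[-1]))
    return results


if __name__ == "__main__":
    for share, (t, final) in compare_shares([0.9, 0.3, 0.1]).items():
        print(f"share={share:.0%}  steps to 10k infected={t}  final={final}")
```

In this model a smaller platform share lowers both the ceiling on infections and the early growth factor per step (roughly 1 + scans_per_step × share), which is what buys defenders time to patch.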


 
Dave
      08-16-2003

"Peter" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> this quote is from T.N.O of Sun, 17 Aug 2003 00:53 :

snip

> It's a natural solution. Nature uses diversity in the gene pool, so that a
> virus only wipes out a small portion of a species. A monoculture species
> is easily obliterated.
>

Mmmm......the mind boggles when substituting "Microsoft" with
"Monsanto"...............
DW


 
IRO
      08-17-2003
In article <3f3e263d$(E-Mail Removed)>, "T.N.O" <(E-Mail Removed)>
wrote:

> Before anyone reads this, it is only my opinion, and just a thought about
> how it (blaster) *should* have been done...
>
> Having decided to read up on "blaster" tonight, I have begun to wonder why
> don't the writers of virii like this, also put mailing capabilities into
> them, I mean surely they could have got the virus to spread a lot more
> rapidly if they also emailed it to all users in the address book



Heaven forbid. A really sinister worm would be one that propagates
slowly and discreetly, without bombing networks and drawing attention to
itself. Who knows, maybe such a beast is already at work?

--
....IRO

Reply to <iro.spring<at>paradise<dot>net<dot>nz>
 
Enkidu
      08-17-2003
On Sun, 17 Aug 2003 08:05:51 +1200, "Dave" <(E-Mail Removed)>
wrote:

>
>"Peter" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> this quote is from T.N.O of Sun, 17 Aug 2003 00:53 :

>snip
>
>> It's a natural solution. Nature uses diversity in the gene pool, so that a
>> virus only wipes out a small portion of a species. A monoculture species
>> is easily obliterated.
>>

>Mmmm......the mind boggles when substituting "Microsoft" with
>"Monsanto"...............
>

*******s. Agriculture is already a monoculture. Has been for many
centuries. Food crops would fail to survive if left to themselves.
Have a look sometime at the margins of fields. The escaped food crop
plants soon revert to the wild type. Or as close as they can go given
that half their chromosomes have been removed and the missing ones
have to be replaced from existing wild plants. Monsanto has little to
do with it.

There is a story that bananas will be extinct in a decade or so,
purely because the banana plant is sterile and so no possibility of
the gene pool changing to combat new diseases.

What's this to do with nz.comp anyway?

Cheers,

Cliff

--

Signed and sealed with Great Seal of the Executive
Council of the Internet, by The Master of The Net.
 
Dave
      08-17-2003

"Enkidu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

> What's this to do with nz.comp anyway?
>

It's about bananas isn't it....


 
Enkidu
      08-17-2003
On Sun, 17 Aug 2003 13:15:32 +1200, IRO
<(E-Mail Removed)> wrote:

>In article <3f3e263d$(E-Mail Removed)>, "T.N.O" <(E-Mail Removed)>
>wrote:
>
>> Before anyone reads this, it is only my opinion, and just a thought about
>> how it (blaster) *should* have been done...
>>
>> Having decided to read up on "blaster" tonight, I have begun to wonder why
>> don't the writers of virii like this, also put mailing capabilities into
>> them, I mean surely they could have got the virus to spread a lot more
>> rapidly if they also emailed it to all users in the address book
>
>Heaven forbid. A really sinister worm would be one that propagates
>slowly and discreetly, without bombing networks and drawing attention to
>itself. Who knows, maybe such a beast is already at work?
>

There are already email worms. Klez was one. Put "email" and "worm"
into Google and you can read about thousands of them. In fact the
very first worm was an email worm on Unix systems.

I took the first post in this thread to be sarcasm....

Cheers,

Cliff
--

Signed and sealed with Great Seal of the Executive
Council of the Internet, by The Master of The Net.
 
Jacob Boehme
      08-17-2003
T.N.O allegedly said:

>
> Anyway, that's my 2c... next time make it smarter... make it more of a
> challenge.


Two possible reasons:

1. the virus writer wasn't very skilled.

2. the virus was released with intentional flaws - the reasons for which
would be best known to the author.

The first is simple enough.

The second is more worrying. If the aim of the writer was to use the virus
as a tool to produce certain events/ actions.....did they get what they
wanted out of what actually happened?

For example: could this virus be a "fire drill"? The way they do it to test
how many people got out of the building and how fast they got out?

The knowledge thus gained could refine the virus.....or responses to such a
virus.

Or something else altogether.


 
IRO
      08-17-2003
In article <bhmnhq$mm7$(E-Mail Removed)>,
"Nicholas Sherlock" <(E-Mail Removed)> wrote:

> > Heaven forbid. A really sinister worm would be one that propagates
> > slowly and discreetly, without bombing networks and drawing attention to
> > itself. Who knows, maybe such a beast is already at work?
>
> If it was successful at propagating, people would notice the traffic really
> quickly. If the vulnerability that allowed it to spread was discovered,
> people would notice the connection attempts.



What if the rate of propagation was low enough that it didn't attract
attention? I gather this latest worm was only spotted because its author
hadn't allowed for some bug in Windows and it kept crashing computers, a
strict no-no if you want to spread far & wide undetected.
If it only replicated itself infrequently and, say, in the middle of the
night, it would take longer to spread but there's a good chance no-one
would notice until huge numbers of computers had been infected.

--
....IRO

Reply to <iro.spring<at>paradise<dot>net<dot>nz>
 