Virus writers intelligence - just wondering.

Discussion in 'NZ Computing' started by T.N.O, Aug 16, 2003.

  1. T.N.O

    T.N.O Guest

    Before anyone reads this, it is only my opinion, and just a thought about
    how it(blaster) *should* have been done...

    Having decided to read up on "blaster" tonight, I have begun to wonder why
    don't the writers of virii like this, also put mailing capabilities into
    them, I mean surely they could have got the virus to spread a lot more
    rapidly if they also emailed it to all users in the address book.

    On arrival at a new host, run a script(so many OE users out there) of some
    sort to check if AV or firewall software is running, shut it down, and
    continue as normal, this may have also made it affect win9x boxes.

    This would have also made it possible to attack a few more hosts for the
    DDOS(assuming they got the DNS right :) maybe take out www.microsoft.com ,
    www.windowsupdate.com , windowsupdate.microsoft.com and also a few others,
    maybe some of the tech news sites, just to stop the news spreading... and
    why give so many days notice to MS about the DDOS... surely this defeats the
    purpose, and gives them time to prepare...

    Anyway, that's my 2c... next time make it smarter... make it more of a
    challenge.
     
    T.N.O, Aug 16, 2003
    #1

  2. T.N.O

    T.N.O Guest

    Further to that...

    "I" wrote
    > I mean surely they could have got the virus to spread a lot more
    > rapidly if they also emailed it to all users in the address book


    Also, randomly making up names and spamming whole domains belonging to
    people in the address book, as in, it sees that yourmum@xtra is in the
    address book, so automatically emails bob@xtra george@xtra etc etc

    > This would have also made it possible to attack a few more hosts for the
    > DDOS(assuming they got the DNS right :) maybe take out www.microsoft.com ,
    > www.windowsupdate.com , windowsupdate.microsoft.com and also a few others


    Maybe chuck some of the anti virus sites on there for good measure.
    Also, study the places where the updates are dished out from, maybe target
    the servers that actually have the patches rather than webservers.

    > why give so many days notice to MS about the DDOS... surely this defeats
    > the purpose, and gives them time to prepare...


    And why set it to happen on one particular day, why not set it to do it via
    GMT time, so that it isn't really staggered via timezone.

    > Anyway, that's my 2c... next time make it smarter... make it more of a
    > challenge.


    I'm not an advocate of this sort of crime, but if someone is going to do it,
    at least put some thought to it.
     
    T.N.O, Aug 16, 2003
    #2

  3. T.N.O

    Peter Guest

    this quote is from T.N.O of Sun, 17 Aug 2003 00:53 :
    > Before anyone reads this, it is only my opinion, and just a thought about
    > how it(blaster) *should* have been done...


    yes - the Aardvark article last Thursday covered similar grounds, ie there
    is scope for much better worms to be developed, in which case we would
    suffer a lot more damages.
    http://www.aardvark.co.nz/daily/2003/0814.shtml

    No matter how hard we try, anti-virus software and patches will always be
    playing catchup. Patches can only be made after a vulnerability is found,
    and anti-virus software definitions only cover already known viruses.
    Perhaps the only real defence is diversity of software. That way, only a
    small portion of the population is affected by any one worm, and
    exponential propagation is much more difficult.
    To enable diversity of software (ie no software app or OS has majority of
    market share), we need good standards and defined protocols.

    It's a natural solution. Nature uses diversity in the gene pool, so that a
    virus only wipes out a small portion of a species. A monoculture species
    is easily obliterated.


    Peter
     
    Peter, Aug 16, 2003
    #3
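
Peter's diversity argument can be made quantitative with a standard random-scanning epidemic model. The Python below is an added example, not part of the thread; the host count, scan rate and the `simulate` / `compare_shares` names are assumptions chosen for illustration, and the worm is treated only as an abstract infection rate.

```python
"""Expected-value epidemic model: how the market share of one vulnerable
platform changes how fast a random-scanning worm saturates it.
All parameters are illustrative assumptions, not measurements of Blaster."""


def simulate(total_hosts, vulnerable_share, scans_per_tick=1.0, max_ticks=10_000):
    """Return (ticks until half the vulnerable hosts are infected, history)."""
    vulnerable = total_hosts * vulnerable_share
    infected = 1.0                       # one initial infection
    history = [infected]
    miss = 1.0 - 1.0 / total_hosts       # chance one probe misses a given host
    for tick in range(1, max_ticks + 1):
        probes = scans_per_tick * infected
        # Probability that a given still-clean vulnerable host is probed this tick.
        p_hit = 1.0 - miss ** probes
        infected += (vulnerable - infected) * p_hit
        history.append(infected)
        if infected >= vulnerable / 2:
            return tick, history
    return None, history


def compare_shares(shares=(0.9, 0.5, 0.1), total_hosts=100_000):
    """Map each vulnerable share to the ticks needed to infect half of it."""
    return {share: simulate(total_hosts, share)[0] for share in shares}


if __name__ == "__main__":
    for share, ticks in compare_shares().items():
        print(f"vulnerable share {share:.0%}: half infected after {ticks} ticks")
```

In this model the early per-tick growth factor is roughly 1 + scans_per_tick × vulnerable_share, so a smaller share both caps the damage and lengthens the window in which patches and signatures can catch up.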
  4. T.N.O

    Dave Guest

    "Peter" <> wrote in message
    news:...
    > this quote is from T.N.O of Sun, 17 Aug 2003 00:53 :

    snip

    > It's a natural solution. Nature uses diversity in the gene pool, so that
    > a virus only wipes out a small portion of a species. A monoculture species
    > is easily obliterated.
    >

    Mmmm......the mind boggles when substituting "Microsoft" with
    "Monsanto"...............
    DW
     
    Dave, Aug 16, 2003
    #4
  5. T.N.O

    IRO Guest

    In article <3f3e263d$>, "T.N.O" <>
    wrote:

    > Before anyone reads this, it is only my opinion, and just a thought about
    > how it(blaster) *should* have been done...
    >
    > Having decided to read up on "blaster" tonight, I have begun to wonder why
    > don't the writers of virii like this, also put mailing capabilities into
    > them, I mean surely they could have got the virus to spread a lot more
    > rapidly if they also emailed it to all users in the address book



    Heaven forbid. A really sinister worm would be one that propagates
    slowly and discreetly, without bombing networks and drawing attention to
    itself. Who knows, maybe such a beast is already at work?

    --
    ....IRO

    Reply to <iro.spring<at>paradise<dot>net<dot>nz>
     
    IRO, Aug 17, 2003
    #5
  6. T.N.O

    Enkidu Guest

    On Sun, 17 Aug 2003 08:05:51 +1200, "Dave" <>
    wrote:

    >
    >"Peter" <> wrote in message
    >news:...
    >> this quote is from T.N.O of Sun, 17 Aug 2003 00:53 :

    >snip
    >
    >> It's a natural solution. Nature uses diversity in the gene pool, so that
    >> a virus only wipes out a small portion of a species. A monoculture species
    >> is easily obliterated.
    >>

    >Mmmm......the mind boggles when substituting "Microsoft" with
    >"Monsanto"...............
    >

    Bollocks. Agriculture is already a monoculture. Has been for many
    centuries. Food crops would fail to survive if left to themselves.
    Have a look sometime at the margins of fields. The escaped food crop
    plants soon revert to the wild type. Or as close as they can go given
    that half their chromosomes have been removed and the missing ones
    have to be replaced from existing wild plants. Monsanto has little to
    do with it.

    There is a story that bananas will be extinct in a decade or so,
    purely because the banana plant is sterile and so no possibility of
    the gene pool changing to combat new diseases.

    What's this to do with nz.comp anyway?

    Cheers,

    Cliff

    --

    Signed and sealed with Great Seal of the Executive
    Council of the Internet, by The Master of The Net.
     
    Enkidu, Aug 17, 2003
    #6
  7. T.N.O

    Dave Guest

    "Enkidu" <> wrote in message
    news:...

    > What's this to do with nz.comp anyway?
    >

    It's about bananas isn't it....
     
    Dave, Aug 17, 2003
    #7
  8. T.N.O

    Enkidu Guest

    On Sun, 17 Aug 2003 13:15:32 +1200, IRO
    <> wrote:

    >In article <3f3e263d$>, "T.N.O" <>
    >wrote:
    >
    >> Before anyone reads this, it is only my opinion, and just a thought about
    >> how it(blaster) *should* have been done...
    >>
    >> Having decided to read up on "blaster" tonight, I have begun to wonder why
    >> don't the writers of virii like this, also put mailing capabilities into
    >> them, I mean surely they could have got the virus to spread a lot more
    >> rapidly if they also emailed it to all users in the address book

    >
    >
    >Heaven forbid. A really sinister worm would be one that propagates
    >slowly and discreetly, without bombing networks and drawing attention to
    >itself. Who knows, maybe such a beast is already at work?
    >

    There are already email worms. Klez was one. Put "email" and "worm"
    into Google and you can read about thousands of them. In fact the
    very first worm was an email worm on Unix systems.

    I took the first post in this thread to be sarcasm....

    Cheers,

    Cliff
    --

    Signed and sealed with Great Seal of the Executive
    Council of the Internet, by The Master of The Net.
     
    Enkidu, Aug 17, 2003
    #8
  9. T.N.O

    Jacob Boehme Guest

    T.N.O allegedly said:

    >
    > Anyway, that's my 2c... next time make it smarter... make it more of a
    > challenge.


    Two possible reasons:

    1. the virus writer wasn't very skilled.

    2. the virus was released with intentional flaws - the reasons for which
    would be best known to the author.

    The first is simple enough.

    The second is more worrying. If the aim of the writer was to use the virus
    as a tool to produce certain events/ actions.....did they get what they
    wanted out of what actually happened?

    For example: could this virus be a "fire drill"? The way they do it to test
    how many people got out of the building and how fast they got out?

    The knowledge thus gained could refine the virus.....or responses to such a
    virus.

    Or something else altogether.
     
    Jacob Boehme, Aug 17, 2003
    #9
  10. T.N.O

    IRO Guest

    In article <bhmnhq$mm7$>,
    "Nicholas Sherlock" <> wrote:

    > > Heaven forbid. A really sinister worm would be one that propagates
    > > slowly and discreetly, without bombing networks and drawing attention to
    > > itself. Who knows, maybe such a beast is already at work?

    >
    > If it was successful at propagating, people would notice the traffic really
    > quickly. If the vulnerability that allowed it to spread was discovered,
    > people would notice the connection attempts.



    What if the rate of propagation was low enough that it didn't attract
    attention? I gather this latest worm was only spotted because its author
    hadn't allowed for some bug in Windows and it kept crashing computers, a
    strict no-no if you want to spread far & wide undetected.
    If it only replicated itself infrequently and, say, in the middle of the
    night, it would take longer to spread but there's a good chance no-one
    would notice until huge numbers of computers had been infected.

    --
    ....IRO

    Reply to <iro.spring<at>paradise<dot>net<dot>nz>
     
    IRO, Aug 17, 2003
    #10
  11. T.N.O

    T.N.O Guest

    "Enkidu" wrote
    > I took the first post in this thread to be sarcasm....


    nope, wasn't sarcasm, I just think that if people really want to cause
    chaos, they could do it with a bit more thinking.
     
    T.N.O, Aug 17, 2003
    #11
  12. IRO wrote:
    > In article <bhmnhq$mm7$>,
    > "Nicholas Sherlock" <> wrote:
    >
    >>> Heaven forbid. A really sinister worm would be one that propagates
    >>> slowly and discreetly, without bombing networks and drawing
    >>> attention to itself. Who knows, maybe such a beast is already at
    >>> work?

    >>
    >> If it was successful at propagating, people would notice the traffic
    >> really quickly. If the vulnerability that allowed it to spread was
    >> discovered, people would notice the connection attempts.

    >
    >
    > What if the rate of propagation was low enough that it didn't attract
    > attention? I gather this latest worm was only spotted because its
    > author hadn't allowed for some bug in Windows and it kept crashing
    > computers, a strict no-no if you want to spread far & wide undetected.
    > If it only replicated itself infrequently and, say, in the middle of
    > the night, it would take longer to spread but there's a good chance
    > no-one would notice until huge numbers of computers had been infected.


    If every computer only infected 2 other computers and stopped, you'd still
    eventually get hundreds of connection attempts to firewalls :). The only way
    it could spread undetected is if nobody noticed connection attempts, the
    vulnerability wasn't known by anyone and nobody noticed a foreign program
    running on their computer.

    Cheers,
    Nicholas Sherlock
     
    Nicholas Sherlock, Aug 17, 2003
    #12
  13. T.N.O

    Bret Guest

    On Sun, 17 Aug 2003 17:51:52 +1200, Jacob Boehme
    <> wrote:

    >T.N.O allegedly said:
    >
    >>
    >> Anyway, that's my 2c... next time make it smarter... make it more of a
    >> challenge.

    >
    >Two possible reasons:
    >
    >1. the virus writer wasn't very skilled.
    >
    >2. the virus was released with intentional flaws - the reasons for which
    >would be best known to the author.
    >
    >The first is simple enough.
    >
    >The second is more worrying. If the aim of the writer was to use the virus
    >as a tool to produce certain events/ actions.....did they get what they
    >wanted out of what actually happened?
    >
    >For example: could this virus be a "fire drill"? The way they do it to test
    >how many people got out of the building and how fast they got out?
    >
    >The knowledge thus gained could refine the virus.....or responses to such a
    >virus.
    >
    >Or something else altogether.
    >


    Perhaps hack MS's update server and modify the patch that everyone is
    downloading in response to MBlast.
     
    Bret, Aug 18, 2003
    #13
  14. On Tue, 19 Aug 2003 08:41:57 +1200, Bret wrote:

    >
    > Perhaps hack MS's update server and modify the patch that everyone is
    > downloading in response to MBlast.


    Or see how they dodge the bullet.

    The last DDoS virus attacked whitehouse.gov by IP number. The US govt
    responded by changing the IP of the server.

    This time, windowsupdate.com was targeted.

    Next time, windowsupdate.microsoft.com will be the target, possibly with
    all the akamai mirrors too.
     
    Uncle StoatWarbler, Aug 19, 2003
    #14