[Full-Disclosure] Re: [Dshield] new msblaster on the loose?

Joey joey2cool at yahoo.com
Wed Aug 13 21:23:30 GMT 2003

Or how about putting some expletives in the name and
watch the media try to say it.

The name change IS irrelevant :
Although the most widespread worm in while, it is also
very LOUD. other virii may slow your computer down
ect, while this one makes a never ending cycle of
computer restarts as long as an unpatched computer is
on the internet, making it OBVIOUS that its infected.
The media, emails, and IM services smothered this worm
in only a couple days. The effectiveness of this worm
after a week or two as well as the exploit will be 0%.
The designer would have been better off using the
second DoS exploit that microsoft has no patch for
than wasting our time with this one. Of course a 5
year old probably made this worm because it took the
code straight from dcom.c and uses the port 4444
bindshell. Not only is it buggy(restarts), its SLOW.
Congrats to the designer for the sloppiest,
untested(or just plain stupid for allowing restarts),
and not well though out worm in history.

"oo im gonna DDoS windowsupdate.com so nobody can
download the patch!" <- this led me to believe that
the author is a 5 year old since the patch could be
moved to, or already is at, a different server. Not an
actual quote however :P

--- John Sage <jsage at finchhaven.com> wrote:
> You can call it foo.exe or bar.exe and if it does
> absolutely the same
> thing, the name change is irrelevant...
> ...except to set off those self-serving companies
> who are trying to
> get some press out of all this:

Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

More information about the list mailing list