[Full-Disclosure] Re: [Dshield] new msblaster on the loose?
jonathan at xcorps.net
Mon Aug 18 15:31:55 GMT 2003
On Monday 18 August 2003 10:20, Redaktion - Kryptocrew wrote:
> hi list,
> take a look at trendmicro, that's new:

Does it magically boot the system off known good media to check for
rootkits/backdoors/trojans/[insert favorite evil here]???

Does it magically monitor the traffic to and from the machine for a
reasonable period of time to ensure that nothing is amiss???

Does it reinstall the host OS from the original media and restore the last
known good backup???

So...what does it do?

It patches the hole and wipes out the worm if present, then deletes itself
in 2004. Great...except, MSBlaster wasn't the only thing that took
advantage of the RPC/DCOM exploit. Oops. Now the system administrator has
no cause to take any of the above steps because from his view, sitting in
his office running the latest eEye scanner, the machine was never

When will folks figure out that these so-called "good worms" are not a good
thing? The failure of the author to take note of such fundamental flaws in
his or her logic suggests that they have no business doing anything, much
less volunteering to correct the world's problems. Of course, this could be
a deliberate cover-up...but somehow I think it's just another security
cowboy trying to save the world.

X Corps Security
Full-Disclosure - We believe in it.