peteoutside at yahoo.com
Mon Feb 2 20:13:53 GMT 2004
Interesting theory...it makes sense! But how could you go about investigating it?
I also believe that the MyDoom spread/etc. is wholly suspect...but then, I have a conspiratorial mind :)
Kenneth Coney <superc at visuallink.com> wrote:
There are some problems with the My Doom stories. Something smells. Here
is what MSNBC has reported about SCO's My Doom related difficulties.
http://msnbc.msn.com/id/4113278/ "Hundreds of thousands computers bore
down on the SCO Group's home page, hitting the Web site with a deluge of
traffic that quickly overwhelmed it."
Strange, I thought I read here in this very thread that the mass mailings
by My Doom couldn't happen, due to a timing bug. So what happened? Was
the analysis completely and totally wrong? Or, did the attack reported by
SCO ever even happen? Or did the virus somehow repair the timing bug
(perhaps by receiving instructions over the opened ports)?
There are other issues.
Swen mailings to my machines have virtually stopped. The AV logs show I
have gone from an average of 30 or so received every day two weeks ago to
three (3) a day. Replacing W32.SwenA@mm is W32.MmailI@mm, W32.MmailS@mm,
and of course W32.Novarg.A@mm (aka My Doom type A). What happened to the
Swen? Does My Doom automatically stop and replace the Swen?
This My Doom thing spread so fast I am suspicious of the ease with which it
spread. I find it hard to believe that each and every infection point has
come from some idiot opening a .scr, or other, attachment from an unknown
person. Not in 2004. By now everyone online over the age of 5 knows that
is a good way to get an infection in their PC. Are we to believe that a
hundred thousand 4 year olds were at the keyboard when the first infections
emerged? Let's instead go back to the Swen infections for a possible
explanation. Is it not more probable to suspect that many of the computers
previously infected with Swen (a more psychologically understandable
infection as it pretended to be an update from MS and was therefore
initially more plausible, at least to those who had registered their PC
with MS and didn't know MS emails nothing), or similar viruses (Gibe, etc.)
received new instructions through their already open servers and that these
Swen infected machines played a pivotal role in the spreading of My Doom by
functioning as command driven infection originators? Proving, or
disproving this will be fun. Perhaps the best proof is the decline in Swen