[Dshield] MyDoom-A/B

Pete Cap peteoutside at yahoo.com
Tue Feb 3 12:06:56 GMT 2004


jayjwa,
 
Look into SINIT.
 
This is a trojan along the lines of SoBig which uses P2P to check other known infected machines for updates, new lists of infected machines, etc.  The network of compromised hosts is being used to store and move files, among other things.
 
I don't think it requires a significant level of sophistication...SINIT only needs to ask each infected machine it comes into contact with what version it's running, and copy and replace itself if it finds something newer.
 
I'm sure the propagation is a lot more erratic than with SoBig but then again this is much more robust without any central server to take down (which has been observed countless times since SINIT appeared).

Regards,
Pete
 

jayjwa <jayjwa at atr2.ath.cx> wrote:
To my knowledge, no virus has yet to successfully receive instructions from
another virus designed to allow that virus to better spread. Viruses, for
all their mystery, are only programs, not living, reasoning things. While
it may be technically possible for a virus to search out its environment
and interact with another virus already installed (or even rootkit?)
there to further its own infections, this approach to replication would
involve significant amounts of AI, and in doing so would result in a very
large and unwieldy virus better suited for POC code than an actual,
in-the-wild intended virus.



[jayjwa]RLF#37

