[Dshield] cracking SoBig/SINIT/MyDoom, et alius

Rick Klinge rick at jaray.net
Tue Feb 10 14:59:43 GMT 2004


> 
> Greetings all,
>  
> Was just going through my folders.  I've been collecting info 
> on various (possibly OC-related) malware that has come across 
> my radar screen in the past year or so.  Here's what I'm thinking:
>  
> FACT: the SoBig network is apparently still in existence 
> since people are seeing SoBig traffic again/still...
> FACT: the SINIT network is still in operation (that's the P2P one)...
> FACT: MyDoom has opened the door for ANOTHER network of 
> compromised hosts
>  
> At this point we have at least three highly successful 
> implementations of the same idea: compromise a vast number of 
> hosts and use them for...whatever.  Yes, I know this isn't an 
> original idea--and I know we see scads of Botnets every 
> day--but these three have been wildly successful whereas 
> other attempts have not.
>  
> So what I'm wondering at this point is...are there any 
> commonalities among these things?  I'm not about to suggest 
> that they were written by the same person...but you have to wonder.
>  
> Thoughts?
>  
> Regards,
> Pete
> 

Well, thoughts?.. Hmm.. I'd say that Microsoft's lackadaisical approach to
system security, coupled with ignorant users, will keep these types of
viruses active for many years.  Organized Crime?  Perhaps.. But my gut
instinct says it's probably not.

~Rick
