[Dshield] cracking SoBig/SINIT/MyDoom, et alius

Andy Streule andy.streule at lythamhigh.lancs.sch.uk
Tue Feb 10 16:19:17 GMT 2004


In the future, I imagine rival gangs/countries will be attacking each other
with armies of compromised machines. Now don't tell me there's a film about
that as well ;-)

It's an interesting question whether one group has 3 networks or 3 groups
have one network each.
Is there any definite evidence of what these networks are used for?

~Andy

-----Original Message-----
From: Pete Cap [mailto:peteoutside at yahoo.com]
Sent: 10 February 2004 14:11
To: list at dshield.org
Subject: [Dshield] cracking SoBig/SINIT/MyDoom, et alius


Greetings all,
 
Was just going through my folders.  I've been collecting info on various
(possibly OC-related) malware that has come across my radar screen in the
past year or so.  Here's what I'm thinking:
 
FACT: the SoBig network is apparently still in existence since people are
seeing SoBig traffic again/still...
FACT: the SINIT network is still in operation (that's the P2P one)...
FACT: MyDoom has opened the door for ANOTHER network of compromised hosts
 
At this point we have at least three highly successful implementations of
the same idea: compromise a vast number of hosts and use them
for...whatever.  Yes, I know this isn't an original idea--and I know we see
scads of Botnets every day--but these three have been wildly successful
whereas other attempts have not.
 
So what I'm wondering at this point is...are there any commonalities among
these things?  I'm not about to suggest that they were written by the same
person...but you have to wonder.
 
Thoughts?
 
Regards,
Pete

