[Dshield] Password protected Bagle.F

Micheal Patterson micheal at tsgincorporated.com
Mon Mar 1 22:19:03 GMT 2004



----- Original Message ----- 
From: "John Hardin" <johnh at aproposretail.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Monday, March 01, 2004 2:40 PM
Subject: Re: [Dshield] Password protected Bagle.F


> On Mon, 2004-03-01 at 12:12, Micheal Patterson wrote:
>
> > What next? My worst-case scenario is the day that someone, somewhere
> > breaches the software storage, undetected, of a major software vendor or
> > vendors, that specialize in compiler software for the masses. Inject a
> > trojan into the core compiler code, that in turn adds the same backdoor
> > to everything that is touched by that compiler. People will tell everyone
> > that it's not possible, it's just too protected, ad nauseam. I will never
> > believe that anything that you can physically touch, or access through a
> > networked computer system can be that well protected. On that note, there
> > is always someone, somewhere, within the access chain who has the ability
> > to modify code, and the knowledge to bury it so deep that others will not
> > detect it. The only real thing that has kept it from happening so far,
> > imho, is the personal integrity of the person with those abilities and
> > privileges.
>
> You mean, something like Ken Thompson's root backdoor in the early Unix
> C compilers?
>
> --
> John Hardin  KA7OHZ
> Internal Systems Administrator/Guru               voice: (425) 672-1304
> Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
> -----------------------------------------------------------------------
>   Failure to plan ahead on someone else's part does not constitute an
>   emergency on my part.
>                                   - David W. Barts in a.s.r
> -----------------------------------------------------------------------
>  Today: ICQ Corp goes away - have you installed Jabber yet?

That was before my *nix time, so I don't know the details, I'm afraid, but yes,
something like that, only more up to date, that has the ability to act like a
virus and install / inject its backdoor into any binary that it touches
along its merry way. From my perspective, we're almost at that point in
today's systems. The main difference is that we can currently detect them.
What happens when one is conceived and implemented and lies dormant for
months or years and then goes active after all of the seeds are planted?
We've already seen attempts on the root servers and various other systems
through the net. I wonder what would happen, if millions upon millions of
systems were infected today, and they in turn infect millions more unnoticed
for the next 6 months. Then they trigger.

As my father and grandfather always told me, it's not the snake that you see
that bites you, but the one that you didn't see.

--

Micheal Patterson
TSG Network Administration
405-917-0600
