[unisog] New worm?

Russell Fulton r.fulton at auckland.ac.nz
Mon Apr 18 01:56:07 GMT 2005


On Sun, 2005-04-17 at 18:10 -0400, Dan Riley wrote:

> It's definitely not one-off, but it also doesn't look like a
> fully automated worm--my guess is semi-automated.  As for the
> lack of stealth, what that says to me is that they have enough
> systems where no one notices the most obvious intrusions that
> the extra cost of hiding their tracks isn't worth it.

Also the attackers want badly managed systems for their nefarious
purposes.  A spam relay or phishing site that stays up for a week is
much more useful than one that gets knocked down as soon as it to goes
into 'production'.  So being blatantly obvious about the attack self
selects machines that are suitable for their purposes.  

Russell.   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050418/e9e1f56c/smime.bin


More information about the unisog mailing list