Re: [ISN] Hacker exploits make PC worms deadlier

From: InfoSec News (isnat_private)
Date: Mon Oct 22 2001 - 01:20:47 PDT


    Forwarded from: Aj Effin Reznor <ajat_private>
    
    "InfoSec News was known to say....."
     
    > http://www.zdnet.com/zdnn/stories/news/0,4586,2818419,00.html?chkpt=zdnn_nbs_hl
    > 
    > By Wendy McAuliffe
    > ZDNet (UK) 
    > October 18, 2001 5:20 AM PT
    
    With writing like this, it's no wonder that ZDNet doesn't have links
    to author's email addresses on their bylines.  At least Wired has the
    decency to allow their writers to take responsibility for what they
    write....
      
    > Computer worms are set to become a more deadly combination of
    > virus writing and hacker exploits, according to security experts
    > at Symantec.
    
    This, as with the title, is FAR off base....  Worm writers are NOT
    becoming more deadly, they're merely catching up with exploit gaping
    holes embedded in shoddy operating systems...
     
    > Code Red and Nimda marked the demise of socially engineered worms,
    > by combining a blended threat of proven hacker exploits. Both
    > worms attacked the same buffer-overflow vulnerability in
    > Microsoft's IIS software, while Nimda additionally incorporated a
    > mass-mailing component enabling the virus to propagate on a
    > massive scale. Neither of the worms relied on the traditional need
    > for an infected computer user to double-click on a malicious
    > attachment.
    
    Again with the Counterpane school of thought... Nimda did *NOT* email
    itself... Sircam did, Nimda did not.  While it may have created bogus
    .eml files on infected machines, it did not utilize email to propagate
    itself without user intervention.  Either this is a user-less worm, or
    it isn't.  The author seems to be rather confused.
    
    > "Nimda and Code Red have eliminated the need for human
    > intervention, by virus writers using what hackers have already
    > provided," said Eric Chien, chief researcher at Symantec. "One
    > year ago email worms were the big threat, as they spread quickly
    > and far--but now a lot more virus writers will be looking at the
    > hacker worm."
    
    So a malicious coder is either hacker or virus writer... no crossover
    is allowed?
    
    > Chien predicts that by next year, the "blended" threat of computer
    > worms could be enough to cause a serious Internet slowdown.
    > Antivirus experts at Symantec have already developed an algorithm
    > to prove that by removing human interaction from the virus
    > equation, every PC connected to the Internet could be affected by
    > a single worm within 20 minutes.
    
    EVERY PC?  Or EVERY PC running a MS OS?  Personally, my machines are
    either behind firewalls, or hardened.  I know of at least a dozen that
    won't be infected.  Mr. Chien needs to put down the glass pipe lest he
    starts mentioning the dreaded "Digital Pearl Harbour"!!!
     
    > But the trend towards blended virus attacks is blurring the lines
    > of responsibility for computer worms. On Wednesday, Microsoft
    > launched a verbal attack on security firms and hackers who release
    > what it calls virus "blueprints". A study done by Microsoft on
    > recent attacks by worms such as Code Red and Nimda found that each
    > had been prefaced by the release of so-called exploit code--sample
    > programs created by security firms and hackers to exploit software
    > flaws.
    
    Yes, I have issue with this, also.  I have yet to see a study from MS,
    an actual study, to back this up.  This appears to be yet another slam
    against eEye, as they were pointed at for releasing data on the
    default.ida exploit.
    
    HOWEVER, it has been proven time and time again that CR (and by
    extension, Nimda) do NOT use an entry point remotely close to the one
    that eEye described.
    
    So, since they can be exonerated of any wrongdoing or blame
    whatsoever, then WHAT could MS be poooooooooossibly talking about?
     
    > "Responsibility lies with the people who release the worm, not
    > necessarily the people who wrote it," said Chien. The Anna
    > Kournikova
    
    Too bad it doesn't lie with journalists, also.
    
    > virus, for example, was written with the help of an existing virus
    > toolkit available on the Internet, but Chien argues that the
    > script kiddie who unleashed the virus is the person ultimately
    > responsible for any damage caused to the networks.
    
    So it's not the guy that shoots the gun, but the guy that loads it?
    Yeah, that's going to hold up in a court of law!
    
    
    To lob another volley, it's interesting that Thomas C. "Full Disclosure
    is Bad" Greene of the Reg/UK has again posted a story about a newfound
    vulnerability (this time Microsoft's digital rights management
    implementation) AND linked to exploit code in his story!
    
    Bravo for journalistic integrity!
    
    ---
    
    On a side note, my apologies to ISN subscribers who may tire of my
    occasional rants.  Procmail me, it won't hurt my feelings.  While
    many security minded professionals subscribe, I know there are several
    CIO and CTO level types also on the list who may be inclined to
    believe a good portion of the fluff out there.  Regardless of whether
    or not "information should be free", the truth should be known....
    
    
    -aj.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Oct 22 2001 - 03:00:18 PDT