Forwarded from: security curmudgeon <jerichoat_private>

Few comments about this FUD fest..

> http://www.computerworld.com/securitytopics/security/cybercrime/story/0,10801,76071,00.html
>
> By DAN VERTON
> NOVEMBER 20, 2002
>
> A Malaysian virus writer who is sympathetic to the cause of the
> al-Qaeda terrorist group and Iraq and who has been connected to at
> least five other malicious code outbreaks is threatening to release
> a megavirus if the U.S. launches a military attack against Iraq.
>
> The virus writer, who goes by the handle Melhacker and is believed
> to have the real name of Vladimor Chamlkovic, is thought to have
> written or been involved in the development of the
> VBS.OsamaLaden@mm, Melhack, Kamil, BleBla.J and Nedal worms.

Searching Symantec's site, there is no record of VBS.OsamaLaden (or the search engine there is bad). Broaden the search to just "OsamaLaden" and you get ..

VBS.Melhack.B:
http://securityresponse.symantec.com/avcenter/venc/data/vbs.melhack.b.html

VBS.Melhack.B is an intended mass mailing worm that is written in Visual Basic. It copies itself as OsamaLaden.vbs into two locations.

Threat Assessment?

Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

Searching for "Kamil" we find:
http://securityresponse.symantec.com/avcenter/venc/data/vbs.melhackat_private

Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Moderate

Searching for "blebla" we find:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blebla.j.worm.html

Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

Also find:
http://securityresponse.symantec.com/avcenter/venc/data/w32.kamil.html

Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

Also find:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.nedal.html

Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Easy

So in summary.. we have five or six of the most pathetic worms you can possibly find on Symantec's site I believe. These are the same crappy worms we have seen for the last year or more. Look at the number of infections, distribution, threat containment and removal. Easy and Low (was re: pathetic). This guy sounds like a script kiddy of the virus world. Why don't I perceive this as a threat?

> However, in an exclusive interview today with Computerworld,
> Melhacker confirmed earlier reports by Chantilly, Va.-based iDefense
> Inc. that he has developed and tested a "three-in-one" megaworm
> code-named Scezda that combines features from the well-known SirCam,
> Klez and Nimda worms.

All of which are easy to identify and block if a company actually updates their virus signatures...

> Brian Kelly, president and CEO of iDefense, said that while
> Melhacker hasn't proved adept at seeding new worms in the wild, this
> worm could be difficult to stop. IDefense quietly warned its clients
> last week

Why? Doesn't iDefense analyze the data before making decisions? Don't they see a clear pattern on the previous? Doesn't the mere fact that they know when the worm would be released, what components and signatures are present.. that it wouldn't be difficult to stop?

But we know.. iDefense sells FUD. Their customers won't buy advisories/alerts that say "some dork in malaysia is going to release a worm that might hit 49 machines".

> "If he were to be successful with this one, it could be very serious,"

SO BUY OUR SERVICES OMG! Because it COULD be serious! It COULD be all out cyber war! Just like we predicted for years! BUY OUR SERVICES THNX.

> Vincent Gullotto, vice president at McAfee Security's Avert, a
> division of Network Associates Inc., said the threat posed by Scezda
> is completely dependent on whether or not Melhacker is successful in
> getting it to propagate.
>
> "If he is, it could be very large," said Gullotto.

SO BUY OUR PRODUCT OMG! Doesn't matter that his other five or more worms were dismal failures as far as worms go... BUY OUR PRODUCT AND WE WILL PROTECT YOU.

> Melhacker, who has also gone by the name Kamil, may have had some
> involvement in the September release of the BugBear mass-mailing
> network attack worm. According to iDefense, Melhacker has close ties
> to Nur Mohammad Kamil, who identifies himself as part of a group
> known as "A.Q.T.E. Al-Qaeda Network." Melhacker has also associated
> himself with the al-Qaeda network for a long period and has been an
> active Malaysian malicious coder threat for at least six years.

Six years and those five worms are the best he could do?

> "While it might be true that al-Qaeda operatives are not well
> organized, skilled or equipped to mount a serious cyberoffensive, it
> is likely that al-Qaeda sympathizers will serve as surrogates in
> their cyberoffensive," said Kelly.

To summarize: They aren't organized. They have no skills. They have no capability to mount a CYB3R0FFENSIVE, but it COULD BE BAD OMG OMG OMG BUY OUR SERVICE JUST IN CASE.

Jeez, talk about irresponsible. Verton, Kelly and that Symantec dork need to start being honest with the public and their clients, and maybe themselves some day.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Nov 22 2002 - 02:07:27 PST