[Full-Disclosure] Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

• Previous message: Mandrake Linux Security Team: "MDKSA-2003:011 - Updated fetchmail packages fix remote exploit vulnerability"
• In reply to: Richard M. Smith: "RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Next in thread: Brett Moore: "RE: [Full-Disclosure] Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Next in thread: Richard M. Smith: "[Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Reply: Brett Moore: "RE: [Full-Disclosure] Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The article has some interesting implications in its own right.
However, if no damage whatsoever was done by hte worm then 
who would bother with the repercussions of the proof of concept?

And I belive that Jason Coombs' point is about the degree of damage.
Or to be metaphorical, the size of the horse that gets let out of the stable
before the door is closed.

An additional ethical issue would arise if the worm was written as a proof of concept
and was never meant to 'escape' into the wild....

Just tossin pennies,
-------------
Albert Sunseri
Information want to be priceless 
sunseriat_private

On Sat, Jan 25, 2003 at 06:11:12PM -0500, Richard M. Smith wrote:
> From: "Richard M. Smith" <rmsat_private>
> To: <jasoncat_private>, "'Jay D. Dyson'" <jdysonat_private>,
>         "'Bugtraq'" <bugtraqat_private>,
>         "'Full-Disclosure'" <full-disclosureat_private>
> Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
> Date: Sat, 25 Jan 2003 18:11:12 -0500
> 
> However, this worm might not be so harmless as it appears because of
> collateral damage:


>    Bank of America ATMs Disrupted by Virus
>  
> http://story.news.yahoo.com/news?tmpl=story&ncid=578&e=3&cid=569&u=/nm/2
> 0030125/tc_nm/tech_virus_dc
> 
>    "SEATTLE (Reuters) - Bank of America Corp. said on 
>    Saturday that customers at a majority of its 13,000 
>    automatic teller machines were unable to process 
>    customer transactions after a malicious computer worm 
>    nearly froze Internet traffic worldwide."
> 
> Richard M. Smith
> http://www.ComputerBytesMan.com
> 
> -----Original Message-----
> From: Jason Coombs [mailto:jasoncat_private] 
> Sent: Saturday, January 25, 2003 4:41 PM
> To: Jay D. Dyson; Bugtraq
> Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
> 


... snip ....

> 
> As of now we don't know who wrote the worm, but we do know that it looks
> like a concept worm with no malicious payload. There is a good argument
> to
> be made in favor of such worms. Whomever did write this worm could have
> done
> severe damage beyond unfocused DDoS and chose not to do so. One would
> expect
> intelligence agencies in developed countries to write and release
> precisely
> this type of concept worm as a form of mass inoculation against
> malicious
> attacks.

... snip ...

> Sincerely,
> 
> Jason Coombs
> jasoncat_private

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Next message: Brett Moore: "RE: [Full-Disclosure] Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Previous message: Mandrake Linux Security Team: "MDKSA-2003:011 - Updated fetchmail packages fix remote exploit vulnerability"
• In reply to: Richard M. Smith: "RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Next in thread: Brett Moore: "RE: [Full-Disclosure] Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Next in thread: Richard M. Smith: "[Full-Disclosure] RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Reply: Brett Moore: "RE: [Full-Disclosure] Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 16:41:58 PST