Has anyone thought of that whoever wrote this worm could have done much worse? Somehow I think that if someone where to take this code and change it so it affects all versions (Not just English) of MS IIS server and then attack a DNS name like www.microsoft.com or www.yahoo.com I think we'd be in big trouble... Since this worm only affected the English version of IIS that leaves the rest of the IIS servers out there in the world still potentially vulnerable. Like I said maybe whoever wrote this worm wanted to have a second shot at it by only infecting English version boxes he now only has to modify his code a little bit to have another shot this time fixing where he went wrong... attacking an IP address that can be easily changed instead of attacking the name www.whitehouse.gov Just some food for thought... ======================================================= Jimmy Sadri jimmys@private Network Engineer/ jimmys@private Security Consultant
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:23:56 PDT