Hello people. I have few questions: 1) Is it known if the CRv2 worm will function like CRv1, in the matter of c:\noworm ? If so, then systems who were once infected (with the CRv1 worm) will actually not go trough step 7 (attacking www.whitehouse.gov) 2) Is it known for the destenation of attack used by the CRv2 worm? Is it still trying to attack the blocked IP as CRv1 ? 3) What, do you think, caused the 'black hat' who made CRv1 to release CRv2? It isn't too smart to send CRv1 to "check the ground", as CRv1 brought alot of awareness to the bug exploited, therefore CRv2 will have much less hosts to exploit. Might it be that the 'black-hat' was not aware of the short period of the PRNG he designed? Regards, The Death thedeadhat_private (this is not a typo) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Jul 21 2001 - 14:39:58 PDT