CRv2 - Questions

From: The Death (thedeadhat_private)
Date: Fri Jul 20 2001 - 14:40:31 PDT

  • Next message: terminatorat_private: "CodeRed"

    Hello people.
    I have few questions:
    
    1) Is it known if the CRv2 worm will function like CRv1, in the matter of
    c:\noworm ? If so, then systems who were once infected (with the CRv1 worm)
    will actually not go trough step 7 (attacking www.whitehouse.gov)
    
    2) Is it known for the destenation of attack used by the CRv2 worm? Is it
    still trying to attack the blocked IP as CRv1 ?
    
    3) What, do you think, caused the 'black hat' who made CRv1 to release CRv2?
    It isn't too smart to send CRv1 to "check the ground", as CRv1 brought alot
    of awareness to the bug exploited, therefore CRv2 will have much less hosts
    to exploit. Might it be that the 'black-hat' was not aware of the short
    period of the PRNG he designed?
    
    Regards,
    	The Death
    	thedeadhat_private (this is not a typo)
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Sat Jul 21 2001 - 14:39:58 PDT