This thing could spread without a master list. It would be after a set of ports that represent the hole it is to abuse, then attack using the list its parent gave it. attack -> infect -> pass bifurcated address list -> attack ---K Shoten wrote: > > Now I do doubt anyone who would release this would have access to a OC-12 > > line to release the payload. But that doesn't mean he/she couldn't hack > > into a site that does. Or hack into multiple sites and release the > payload > > from multiple sites at one time. > > Sayyyy....have any universities been compromised lately? But the real point > here is not the initial release; it's the scanning for vulnerable IPs that > happens BEFORE that, to develop the "master list" of targets. Any > compromised site having full saturation of an OC-12-ish line due to a > vulnerability scan of 0.0.0.0/0 is probably going to notice it, no matter > HOW braindead they might be. But a distributed scan, in lieu of a DDoS, > would work, although it does pose its own problems. Just build a zombie > that will scan instead of DoS, and have some method by which you can > reliably recover its results. > > Oooooh, here you go...have it both scan AND DDoS...have it DDoS you with > ICMP that contains the slightly obfuscated/copyprotected (I hear Adobe's > been doing great things with XOR lately, perhaps they want to chime in?) > results of the scans. > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 24 2001 - 12:34:42 PDT