On Sep 19, 11:43am, Roelof wrote: > (excuse the X posting - I dont know where it will be moderated) > Moderators, > > Here some comments and code on the new worm. Publish if you think it > might do any good. If not I'll understand 100%. > > --cut-- > > Three things that could have made the worm better/worse: > > 1. Targetting > ------------- > The targetting sucks. Random targetting is just SO ancient, and its > simply not nice. Speaking of this... somebody was thinking that Nimda gets targeting info from the web browser's history, as well as the address book? Does it actually do this? How about log files on the servers it infects? (I like lynx's capability of turning off the referer header...) > Bottom line? Well - just this - worms can be much more effective - > so beware - this is just the start. The Outlook/IE bit - nicely done > (in a severe twisted sense). Quite. -Allen -- Allen Smith easmithat_private September 11, 2001 A Day That Shall Live In Infamy II "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 09:43:00 PDT