[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K

To: "Andrew Smith" <andrew.rse@xxxxxxxxx>, "Mike" <mjcarter@xxxxxxxxxx>
Subject: RE: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
Date: Mon, 15 Aug 2005 11:07:13 -0500

I don't see a real reason for blocking them, other than to make you mad.
They could have easily pointed them to phishing sites, instead of the
loopback address. But the phishing sites would have been cut down very
fast when hard coded in the worm itself. 
 
Once they have control of the box using the IRC, this little "feature"
can be modified at any time however.


________________________________

        From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Andrew
Smith
        Sent: Monday, August 15, 2005 10:27 AM
        To: Mike
        Cc: full-disclosure@xxxxxxxxxxxxxxxxx
        Subject: Re: [Full-disclosure] Virus Outbreak Attacking MS05-039
WIN2K
        
        
        Can anyone explain why this virus chooses to block ebay, amazon
and paypal?
        This seems foolish if the intention is to remain on the
compromised host un-noticed.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Privilege escalation in Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3)
Next by Date: RE: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
Previous by thread: Re: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
Next by thread: RE: [Full-disclosure] Virus Outbreak Attacking MS05-039 WIN2K
Index(es):
- Date
- Thread