[55227] in North American Network Operators' Group


RE: Does the Worm have another Payload besides 1434 Floods?

daemon@ATHENA.MIT.EDU (Danny)
Sat Jan 25 20:56:15 2003

From: Danny <Danny@drexel.edu>
To: 'Jack Bates' <jbates@brightok.net>,
	"'Stewart, William C (Bill), SALES'" <billstewart@att.com>,
	"'nanog@trapdoor.merit.edu'" <nanog@trapdoor.merit.edu>
Date: Sat, 25 Jan 2003 19:39:00 -0500
Errors-To: owner-nanog-outgoing@merit.edu



|>All disassembly analysis made shows that it is a simplistic worm designed to
|>break in, execute, and start sending itself out. No system damage or host
|>embedding has been detected. The writer of the worm had no intentions of
|>causing permanent damage.
|>

For now, seeing how effective this worm was, how long do you think it's going to take before there are many, many variations on this worm that *DO* have malicious code and backdoor the machine in a way that will survive a reboot?

|>>
|>It's really gone after a restart.
|>

For now :)


Cheers
Danny
Network Security Engineer
Drexel University

Digital ID Print:	874f 1b77 470f 0b10 126e d8d2 c3a3 d52a 24ab 73c3
PGP Print:		C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
PGP Key:		http://akasha.irt.drexel.edu/danny.asc
