[67028] in North American Network Operators' Group


Re: Impending (mydoom) DOS attack

daemon@ATHENA.MIT.EDU (Stephen J. Wilcox)
Sat Jan 31 13:25:25 2004

Date: Sat, 31 Jan 2004 18:24:42 +0000 (GMT)
From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
To: Donovan Hill <lists@lazyeyez.net>
Cc: Leo Bicknell <bicknell@ufp.org>, <nanog@merit.edu>
In-Reply-To: <200401301756.02486.lists@lazyeyez.net>
Errors-To: owner-nanog-outgoing@merit.edu


> For the record, I fully believe that this worm (both variants) is designed to 
> attack high profile targets in order to take the focus off of its spamming 
> capability and create uncertainty as to what group actually authored the 
> worm. It is my firm belief that this worm was written by spammers for the 
> purpose of creating spam relays.

I'm not sure what the point of the DoS is if it's intended to be a spam engine, 
that would have the effect of helping to identify and hence clean up the 
infections.

Of course we're guessing about the spam connection, it doesn't have a spam engine 
in it, the mail capabilities are purely to redistribute itself... to do spam you 
need to add the engine via the backdoor.

I'm tempted to think it's nothing more than a bot and the backdoor is to allow 
the controller to go in and change its target. The DoS engine isn't that well 
written though, this is odd too...

Oh well, I guess we'll see tomorrow!

Steve

