[34788] in bugtraq


Re: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser)

daemon@ATHENA.MIT.EDU (Jason)
Tue May 4 15:21:43 2004

Message-ID: <4097031E.10009@brvenik.com>
Date: Mon, 03 May 2004 22:42:38 -0400
From: Jason <security@brvenik.com>
MIME-Version: 1.0
To: Javier Fernandez-Sanguino <jfernandez@germinus.com>
Cc: Ben Ryan <ben@bssc.edu.au>, NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM,
        bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
In-Reply-To: <409606AF.8080805@germinus.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit


Javier Fernandez-Sanguino wrote:

[...]

> 
> [1] Approaching the record of worms in other OS, which, I believe, is 
> held by Scalper (10 days from patch to worm). But hey, they could browse 
> the source changes for that one.
> 

It did not attack an OS directly, but I believe the Witty worm [1] holds 
the record to date. A 1-day window from advisory to release, it attacked 
and destroyed a security component that was supposed to protect against 
these issues...

[1] - http://www.caida.org/analysis/security/witty/

