RE: [Full-Disclosure] recent RPC/DCOM worm thought

From: Kerry Steele (
Date: 08/13/03

  • Next message: Gabe Arnold: "(forw) [ Re: [Full-Disclosure]]"
    To: "Eichert, Diana" <>, <>
    Date: Wed, 13 Aug 2003 14:20:22 -0500

    Interesting thought, but I would have to say that it really goes deeper
    than that.

    If Microsoft were as evil an empire as they are perceived to be, then
    wouldn't they already have the backdoor to your system to apply the
    patch anyway? If so then why go throught the pain in the ass to write a
    shotty worm and draw bad publicity to the company?

    Think about the anti-virus companies and, well, every security software
    product out there, that is racing to be the "first" to detect or
    remediate X new variant of the worm. What an opportunity for market
    traction and visibility, wouldn't you say?

    My USD 0.02.


    -----Original Message-----
    From: Eichert, Diana []
    Sent: Wednesday, August 13, 2003 7:42 AM
    To: ''
    Subject: [Full-Disclosure] recent RPC/DCOM worm thought

    I've been thinking about how "poorly" this worm was
    written and how it really wasn't very malicious, just
    very time consuming, forcing people/companies to
    install patches to their systems.

    Now here's an alternative thought about it.

    What if "someone" purposely wrote this worm to get
    the attention of people to patch their systems, not
    to DOS the mickeysoft upgrade site. If they really
    wanted to create a DOS against a website they wouldn't
    have postponed it for 4 days. That's a long time in
    today's world.

    I mean if you were mickeysoft and there was a known
    security hole wouldn't it be in you best interest to
    have the first real exploit of it be relatively benign?
    It gets everyone's attention and they are forced to
    install the latest security patch.

    anyway, my US$.02 worth

    Full-Disclosure - We believe in it.
    Full-Disclosure - We believe in it.

  • Next message: Gabe Arnold: "(forw) [ Re: [Full-Disclosure]]"