Re: Flash Worms

From: jaywhy (jaywhy2@home.com)
Date: 08/18/01

Previous message: Robert Graham: "Re: Flash Worms"
Maybe in reply to: Stuart Staniford: "Flash Worms"
Next in thread: Dragos Ruiu: "Re: Flash Worms"
Reply: Dragos Ruiu: "Re: Flash Worms"
Reply: Shoten: "Re: Flash Worms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 18 Aug 2001 13:15:45 -0400
Subject: Re: Flash Worms
From: jaywhy <jaywhy2@home.com>
To: Michal Zalewski <lcamtuf@gis.net>, Stuart Staniford <stuart@silicondefense.com>
Message-ID: <B7A41B00.1248%jaywhy2@home.com>

It really wouldn't matter even if you only got to 20%, 10% or even 5% of the
vulnerable hosts. Those computer running a DDOS attack against anything
would completely destroy it.

According to netcraft http://www.netcraft.co.uk/survey/ there is over 7
million apache web servers that are up. Now if you found an exploit like
the one code red exploited in apache. Even if you only got to 20% of the
web servers with the payload, that still a good million or so servers out
there infected. What if this worm happened to be really malicious and
trashed web sites, deleted hard drives, or run some sort of DDOS attack.
Even spawn some kinda nuke program in the internal network hooked up to the
web server. Lord knows there is never a shortage of new nukes out for
windows flavors.

Now I do doubt anyone who would release this would have access to a OC-12
line to release the payload. But that doesn't mean he/she couldn't hack
into a site that does. Or hack into multiple sites and release the payload
from multiple sites at one time.

We talk about this kinda attack now and don't believe it. But someone
wanting to prove you all wrong will do it, and it will probably happen it
just depends on when.

-- Jason Yates jaywhy2@home.com

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Previous message: Robert Graham: "Re: Flash Worms"
Maybe in reply to: Stuart Staniford: "Flash Worms"
Next in thread: Dragos Ruiu: "Re: Flash Worms"
Reply: Dragos Ruiu: "Re: Flash Worms"
Reply: Shoten: "Re: Flash Worms"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Flash Worms
... Subject: Flash Worms ... million apache web servers that are up. ... trashed web sites, deleted hard drives, or run some sort of DDOS attack. ... Or hack into multiple sites and release the payload ...
(Focus-IDS)
Re: Redirection based on port
... most of the services don't run on actual web servers. ... They are apps ... The whole idea of host headers is to run multiple sites on a single server ... without even the implied warranty of merchantability ...
(microsoft.public.win2000.dns)
Re: Web Servers
... The X1 version is free and runs a single site whilst the X2 allows multiple sites and is only $70. ... Bakshi wrote: ... Can anybody tell me that Other than IIS which are other web servers ...
(microsoft.public.dotnet.framework.aspnet)