WMF Threat OK, but no huge attack ... WHY?



The threat was a bit overrated, or at least that's not
the kind of threat this was. Vulnerabilities like
this are unlikely to become a worm with the widespread
impact of a Blaster, Slammer or Sober because it
doesn't spread from PC to PC via a listening network
service. I suppose if a prolific, time tested email
worm like Sober had taken the WMF vulnerability and
used it to install a proxy / DDoS Trojan, it could
maybe have spread more widely with more damage caused.

There were rumors of hundreds of thousands to millions
of systems being infected; those rumors were probably
incorrect. Antivirus may have done a better job at
protecting against this than people expected. AV
vendors reported hundreds of thousands to millions of
WMF exploit files being detected and blocked. I
believe there were lots and lots of infection
attempts, just not lots and lots of infected systems.

The exact same thing happened with Download.ject last
year. There was lots of panic and screaming, but few
systems were actually infected. Microsoft stated that
their "intelligence" showed this to again be true this
time around, but their statement was generally laughed
at. Given that they offer a free phone number for
helping any customer with any infection problems, I
would expect Microsoft to have at least some insight
into this.

kind regards,
karl levinson

> -----Original Message-----
> From: pejman.gohari@xxxxxxxxx [mailto:pejman.gohari@xxxxxxxxx]
>
> The WMF threat was and continues to be important.
> But I'm curious to know why we didn't observe any important
> attack on Internet?
>
> No BOT virus deployed? No DOS worm attack?
>
> Any hypothesis / explanation?


