multi-OS infections (was Re: A code red that could bring down the net?

From: Meritt James (meritt_james@bah.com)
Date: 07/23/01

• Previous message: Todd Sabin: "Re: Using hashes, not text credentials...?"
• In reply to: Jason Lewis: "RE: A code red that could bring down the net?"
• Next in thread: Riley Hassell: "Re: multi-OS infections (Multi OS shellcode)"
• Next in thread: EPiC: "Win32.Sircam.Worm Alert....."
• Next in thread: Michael Tench: "Re: A code red that could bring down the net?"
• Reply: Riley Hassell: "Re: multi-OS infections (Multi OS shellcode)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3B5C5905.AB655922@bah.com>
Date: Mon, 23 Jul 2001 13:04:05 -0400
From: "Meritt James" <meritt_james@bah.com>
To: jlewis@packetnexus.com
Subject: multi-OS infections (was Re: A code red that could bring down the net?

I am only aware of two non-OS specific infections. One operates at the
hardware level and really cares very little, if at all, for what OS is
on it (that one is sorta new. I was suprised) and the other infected
both Unix and VM systems somewhat like you described.

I would appreciate hearing of others!

V/R

Jim

Jason Lewis wrote:

[snip]

> How about this instead? A worm that is not only windows, but also unix
> based. It carries payload for each OS. It works similar to CodeRed and
> replicates itself. It also installs a zombie client and creates backdoors.
> Imagine a worm that wraps all the viruses in the 16 months into one. What
> if it actively searched out victims while also using Outlook to propagate
> itself.

[snip]

-- 
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566

---

• Previous message: Todd Sabin: "Re: Using hashes, not text credentials...?"
• In reply to: Jason Lewis: "RE: A code red that could bring down the net?"
• Next in thread: Riley Hassell: "Re: multi-OS infections (Multi OS shellcode)"
• Next in thread: EPiC: "Win32.Sircam.Worm Alert....."
• Next in thread: Michael Tench: "Re: A code red that could bring down the net?"
• Reply: Riley Hassell: "Re: multi-OS infections (Multi OS shellcode)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages multi-OS infections (was Re: A code red that could bring down the net? ... Subject: multi-OS infections (was Re: A code red that could bring down the net? ... both Unix and VM systems somewhat like you described. ... > Imagine a worm that wraps all the viruses in the 16 months into one. ... (Vuln-Dev) Re: [fw-wiz] Worms, Air Gaps and Responsibility ... > network and come back with infections? ... I'm still grappling with a way around this one. ... "Every laptop that leaves our network must go through this-and-that ... (Firewall-Wizards) RE: Update to "Code Red" Worm. Its a date bomb, not time. ... everywhere has access to OC12 connections to the internet. ... An easy method would be to break up the estimated 196K infections accross a ... Update to "Code Red" Worm. ... On the 20th all infected threads will attempt to attack ... (Vuln-Dev) Authors of Zotob/Mytob worms arrested (thought to have disabled pax screening computers) ... The arrests ... The first Zotob worm emerged Aug. 14, ... and ABC News -- reported widespread infections by the worm. ... Mytob to steal personal information from infected computers and to ... (rec.travel.air) RE: Update to "Code Red" Worm. Its a date bomb, not time. ... Update to "Code Red" Worm. ... An easy method would be to break up the estimated 196K infections accross a ... On the 20th all infected threads will attempt to attack ... Remember, each host can be infected multiple times, meaning that a single ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)