Re: Deloder worm has resurfaced. Watch your privacy!

From: Kyle Lai (kyle@kylelai.com)
Date: 03/29/03

    From: kyle@kylelai.com (Kyle Lai)
    Date: 29 Mar 2003 09:08:51 -0800
    
    

    "Nick FitzGerald" <nick@virus-l.demon.co.uk> wrote in message news:<3e84e6fc@clear.net.nz>...
    > There are good reasons why measured analyses of Deloder do not include
    > the password information. Further, there are compelling ethical
    > reasons for them to not include that information. The rest of your
    > analysis is a good and useful contribution, but it and your ethical
    > reputation are spoiled by a couple of sentences.

    I disagree. I think you missed the point. Plus, I don't think
    anti-virus vendors looked at registry values other than the "start-up"
    registry values.

    If the public did not get informed about the true problem and exploit, and
    what the worm has done, how can they protect themselves from the
    variants of this worm, which always happens? In addition, if people
    don't get the information on what EXACTLY the worm did, how do you
    know what proper actions to take to protect end-users?

    CERT advisory, http://www.cert.org/advisories/CA-2003-08.html,
    mentioned that 140,000 connections on an IRC network, which are the
    systems infected with Deloder type of worms.

    If you think the advisories and analysis generated good awareness,
    why are there still tens of thousands of computers out there
    infected with Deloder and other worms and Trojans, and why aren't they
    doing anything about it?

    That's why I published my article.

    Regards,
    /Kyle

    Kyle Lai, CISSP, CISA
    www.klcconsulting.net

