Topic: MS Blaster Update (Read 176 times)

Mark C
MS Blaster Update
« on: Aug 15th, 2003, 7:06pm »

Friday, August 15th
Day Five: Microsoft Dodges the MSBlast

As expected, Microsoft has shut down the "windowsupdate.com" domain at which the MSBlast worm's forthcoming attack was aimed. Since the Windows operating systems use the domain "windowsupdate.microsoft.com" rather than simply "windowsupdate.com", Microsoft has been able to preempt the worm's intended Distributed Denial of Service (DDoS) attack merely by abandoning the "windowsupdate.com" domain.

Analysis of the worm's attack code suggests that its use of the "wrong" domain may have been deliberate: The worm uses Windows' Raw Sockets to generate a spoofed source IP SYN flood attack, but it does so with deliberate gentleness. Each instance of the worm emits only 50 SYN packets per second, deliberately and significantly throttling each machine's contribution to the attack.

We can only speculate what was in the mind of the worm's author(s). But if the 200,000 instances of this worm had chosen to target "windowsupdate.microsoft.com" or even "microsoft.com" with an unthrottled Raw Socket SYN flood, a very different scenario would be playing out today and tomorrow: Microsoft.com would be gone.

But the worm's originator(s) appear to have been more interested in making a point, than in taking Microsoft.com permanently off the Internet — which they could have easily done.

As we have with previous Windows security vulnerabilities, we are developing a new free tool to fully address and cure "the DCOM problem", since Microsoft has not.

http://grc.com/default.htm

I have removed or at least assisted in the removal of at two dozen cases of this worm......whew! My arms are tired! ;D
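
The spoofed-source SYN flood described in the post above can be spotted on the sending network with an egress check. The following is an added example, not part of the original thread or of any GRC tool. The site prefix, the threshold, the record layout and every address in it are assumptions, and the packet records are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): site prefix, threshold, record layout, addresses.
LOCAL_PREFIX = ipaddress.ip_network("192.0.2.0/24")
SYN_RATE_THRESHOLD = 25  # SYNs/s per host; set below the 50/s quoted in the post


def build_sample():
    """Constructed records: (time_s, src_mac, src_ip, dst_ip, dst_port, tcp_flags)."""
    records = []
    # Host 01: 50 SYN/s for two seconds, every packet with a forged source address.
    for i in range(100):
        records.append((i / 50.0, "aa:aa:aa:aa:aa:01",
                        f"198.51.100.{i + 1}", "203.0.113.10", 80, "S"))
    # Host 02: ordinary traffic from its real address.
    for i in range(4):
        records.append((i * 0.5, "aa:aa:aa:aa:aa:02",
                        "192.0.2.20", "203.0.113.10", 80, "S"))
    records.append((0.1, "aa:aa:aa:aa:aa:02", "192.0.2.20", "203.0.113.10", 80, "A"))
    return records


def find_spoofing_hosts(records, local_prefix=LOCAL_PREFIX,
                        threshold=SYN_RATE_THRESHOLD):
    """Flag hosts that send SYNs from outside the site prefix at a sustained rate.

    Hosts are keyed by MAC address because the IP source field is forged.
    """
    syn_per_second = defaultdict(lambda: defaultdict(int))  # mac -> second -> SYNs
    spoofed = defaultdict(int)                              # mac -> forged-source SYNs
    for ts, mac, src_ip, _dst_ip, _dst_port, flags in records:
        if flags != "S":          # only bare SYNs matter for this check
            continue
        syn_per_second[mac][int(ts)] += 1
        if ipaddress.ip_address(src_ip) not in local_prefix:
            spoofed[mac] += 1
    findings = {}
    for mac, buckets in syn_per_second.items():
        peak = max(buckets.values())
        if spoofed[mac] > 0 and peak >= threshold:
            findings[mac] = {"spoofed_syns": spoofed[mac], "peak_syn_per_s": peak}
    return findings


if __name__ == "__main__":
    for mac, detail in find_spoofing_hosts(build_sample()).items():
        print(mac, detail)
```

Dropping packets whose source address lies outside the site prefix at the network edge (the practice described in RFC 2827 / BCP 38) stops this traffic before it leaves the site; the check above only identifies which machine to clean.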
jonny
Guest

on Aug 15th, 2003, 7:06pm, Mark C wrote:
But the worm's originator(s) appear to have been more interested in making a point, than in taking Microsoft.com permanently off the Internet — which they could have easily done.

I have a problem with this, why scare when you can kill?

jonny
forgetfulnot
Guest

Quote:
But the worm's originator(s) appear to have been more interested in making a point, than in taking Microsoft.com permanently off the Internet — which they could have easily done.

I'm not a computer geek like you seem to be, however I doubt this could be done "taking Microsoft.com permanently off the Internet". A guy named Gates has a few bucks to track these a$$holes down along with the FBI and others. These guys are fucking with the wrong folks, don't give them so much credit.

Lee
forgetfulnot
Guest

jonny, ya beat me again and I was using four fingers, gotta learn how to type

Lee
forgetfulnot
Guest

So they will become richer, buy some stock, many new millionaires already have, why miss out, everything is about money. Don't think so? Miss a payment on your electric bill, they will show you how it works.

Lee