Clusterheadaches.com Message Board (http://www.clusterheadaches.com/cgi-bin/yabb/YaBB.cgi)
New Message Board Archives >> 2003 Posts >> MS Blaster Update
(Message started by: Mark C on Aug 15th, 2003, 7:06pm)

Title: MS Blaster Update
Post by Mark C on Aug 15th, 2003, 7:06pm
Friday, August 15th

Day Five: Microsoft Dodges the MSBlast
As expected, Microsoft has shut down the "windowsupdate.com" domain at which the MSBlast worm's forthcoming attack was aimed. Since the Windows operating systems use the domain "windowsupdate.microsoft.com" rather than simply "windowsupdate.com", Microsoft has been able to preempt the worm's intended Distributed Denial of Service (DDoS) attack merely by abandoning the "windowsupdate.com" domain.

Analysis of the worm's attack code suggests that its use of the "wrong" domain may have been deliberate: The worm uses Windows' Raw Sockets to generate a spoofed source IP SYN flood attack, but it does so with deliberate gentleness. Each instance of the worm emits only 50 SYN packets per second, deliberately and significantly throttling each machine's contribution to the attack.

We can only speculate what was in the mind of the worm's author(s). But if the 200,000 instances of this worm had chosen to target "windowsupdate.microsoft.com" or even "microsoft.com" with an unthrottled Raw Socket SYN flood, a very different scenario would be playing out today and tomorrow: Microsoft.com would be gone.

But the worm's originator(s) appear to have been more interested in making a point, than in taking Microsoft.com permanently off the Internet — which they could have easily done.



As we have with previous Windows security vulnerabilities, we are developing a new free tool to fully address and cure "the DCOM problem", since Microsoft has not.



http://grc.com/default.htm


I have removed or at least assisted in the removal of at two dozen cases of this worm......whew! My arms are tired!

;D

http://tinyurl.com/k69q

Title: Re: MS Blaster Update
Post by jonny on Aug 15th, 2003, 7:19pm

on 08/15/03 at 19:06:49, Mark C wrote:
But the worm's originator(s) appear to have been more interested in making a point, than in taking Microsoft.com permanently off the Internet ? which they could have easily done.


I have a problem with this, why scare when you can kill?

......................................jonny

Title: Re: MS Blaster Update
Post by forgetfulnot on Aug 15th, 2003, 7:24pm

Quote:
But the worm's originator(s) appear to have been more interested in making a point, than in taking Microsoft.com permanently off the Internet — which they could have easily done.


I'm not a computer geek like you seem to be, however I doub't this could be done "taking Microsoft.com permanently off the Internet". A guy named Gate's has a few bucks to track these a$$holes down along with the FBI and others. These guys are fucking with the wrong folks, don't give them so much credit.

Lee

Title: Re: MS Blaster Update
Post by forgetfulnot on Aug 15th, 2003, 7:31pm
jonny, ya beet me again and I was using four fingers, gata learn how to type ::)

Lee

Title: Re: MS Blaster Update
Post by Mark C on Aug 15th, 2003, 8:04pm
Microsoft Purchases Evil From Satan
(http://bbspot.com/news/2000/4/MS_Buys_Evil.html)

;D   ;D

http://tinyurl.com/k6dw

Title: Re: MS Blaster Update
Post by forgetfulnot on Aug 15th, 2003, 8:19pm
So they will become richer, buy some stock, many new millionaires already have, why miss out, everything is about money. Don't think so? Miss a payment on your electric bill, they will show you how it works.

Lee



Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.