Billy and his backdoor...
Brian Densmore
DensmoreB at ctbsonline.com
Tue Aug 12 22:07:23 CDT 2003
I wasn't spreading rumors. I read it on either CNN or a
freshmeat link. The windows update site *was* cracked on
Saturday. Maybe it was unrelated to the worm, maybe not.
I am aware of how the worm works, but I haven't analyzed
the code. It is possible that it has a different payload
if it infects a M$ server than other servers. It may also
be a different variant. I only scanned the article so
can't say for certain if they indicated the exact infection.
If I remember the worm uses lftp to download a payload,
so how is it they could not be related? It is certainly possible
to download an activex executable via lftp.
regards,
Brian
> -----Original Message-----
> From: Michael Schuermann [mailto:lists at schuermann.us]
> Sent: Tuesday, August 12, 2003 4:44 PM
> To: kclug at kclug.org
> Subject: RE: Billy and his backdoor...
>
>
> ummm, I doubt it, because the worm has nothing to do with
> ActiveX.... if
> you've looked at how the worm transmits itself, you'd see
> that they could
> not be related at all. Who knows why such an error message
> was received from
> WindowsUpdate.com on Saturday, but it wouldn't have been this worm.
>
> Make sure you know your facts before spreading rumors...
>
> Michael Schuermann
>
> -----Original Message-----
> From: owner-kclug at marauder.illiana.net
> [mailto:owner-kclug at marauder.illiana.net] On Behalf Of Brian Densmore
> Sent: Tuesday, August 12, 2003 4:10 PM
> To: KCLUG (E-mail)
> Subject: RE: Billy and his backdoor...
>
>
> Also, for those that didn't catch it. Someone one this list
> or kulua pointed
> out a unsafe activeX message from the update sight on
> Saturday. Which according to the news was because the Windows
> sight got
> infected with the worm which the patch is supposed to fix.
> Now how negligent
> can these folks at M$ be? They have been spouting for weeks
> that people need
> to apply the patch, but they didn't even apply the patch to the server
> serving up the patch!?!??!?!?!?!??!? Now that's ***LAME***. roflmao
>
> Brian
>
>
>
>
> majordomo at kclug.org
>
>
>
>
> majordomo at kclug.org
>
More information about the Kclug
mailing list