SecurityFocus

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:17AM
Umit Tiric (umitt softcom biz) (1 replies)

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:35AM
Jay D. Dyson (jdyson treachery net) (1 replies)

RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 09:40PM
Jason Coombs (jasonc science org) (4 replies)

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:59PM
Charles Miller (cmiller pastiche org)

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:37PM
Colm MacCárthaigh (colmmacc Redbrick DCU IE) (1 replies)

RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:53PM
Jason Coombs (jasonc science org) (1 replies)

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 26 2003 12:45AM
Colm MacCárthaigh (colmmacc Redbrick DCU IE)

RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:12PM
Jay D. Dyson (jdyson treachery net)

RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:11PM
Richard M. Smith (rms computerbytesman com) (1 replies)

However, this worm might not be so harmless as it appears because of
collateral damage:

Bank of America ATMs Disrupted by Virus

http://story.news.yahoo.com/news?tmpl=story&ncid=578&e=3&cid=569&u=/nm/2

0030125/tc_nm/tech_virus_dc

"SEATTLE (Reuters) - Bank of America Corp. said on
Saturday that customers at a majority of its 13,000
automatic teller machines were unable to process
customer transactions after a malicious computer worm
nearly froze Internet traffic worldwide."

Richard M. Smith
http://www.ComputerBytesMan.com

-----Original Message-----
From: Jason Coombs [mailto:jasonc (at) science (dot) org [email concealed]]
Sent: Saturday, January 25, 2003 4:41 PM
To: Jay D. Dyson; Bugtraq
Subject: RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

Jay Dyson wrote:
> And to think...up until tonight, I thought the vulnerabilities
> that paved the way for Nimda were the worst that Microsoft could do
> to the net.community. They've really topped themselves this time.

As of now we don't know who wrote the worm, but we do know that it looks
like a concept worm with no malicious payload. There is a good argument
to
be made in favor of such worms. Whomever did write this worm could have
done
severe damage beyond unfocused DDoS and chose not to do so. One would
expect
intelligence agencies in developed countries to write and release
precisely
this type of concept worm as a form of mass inoculation against
malicious
attacks.

Before you get upset at your vendor, or anyone else's, consider the
bigger
picture and recognize the increased security hardening the Internet just
received. Belief in this silver lining shouldn't be taken too far, of
course, but flaming anyone over an event like this is misplaced
considering
the number of infosec experts who would probably have agreed to write
this
worm if approached by their nations' government with proof that an
adversary
was planning to cause severe harm by exploiting the W32/SQLSlammer
vulnerability.

Sincerely,

Jason Coombs
jasonc (at) science (dot) org [email concealed]

[ reply ]

RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 26 2003 01:08AM
Brian McGrogan (brian encinc com) (2 replies)

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 26 2003 12:48AM
Andrew Emerson (westy vividhosting com)

Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 26 2003 12:46AM
peloy chapus net (Eloy A Paris)