Slashdot Mirror


55808 Trojan Analysis

espo812 writes "This analysis of the 55808 trojan that has been circling the internet was just posted on Bugtraq. The good news (I guess?) is that apparently it is just a proof of concept distributed scanner. The bad news is they think they just caught a copycat version of the original trojan. ISS also has an analysis."

7 of 118 comments

  1. Re:Moderation: Flamebait? by Anonymous Coward · · Score: 1, Insightful

    No, -1 No one cares. A dupe gets posted. BFD. A reminder of a previous story once in a while won't kill you. Just ignore it and it'll go away (off of the front page). Chill. If you can do better, make your own metanews site. This isn't supposed to be a professional suit-and-tie site like CNN, it's a fun project for everyone who runs it. I enjoy the fun project. Now stop wasting people's mod points (or the editor's time) and stop ranting about dupes.

    Sincerely,
    AC

  2. It's just amazing by mcrbids · · Score: 4, Insightful

    What I find most amazing is not that these exploits, worms, and trojans exist, or even that there are so many, but rather that there are so few.

    We can all thank our favorite deities (cowboy Neal included) that economics work out such that those who are most capable of writing a true "nutbuster" malware are typically getting paid to write something more productive!

    Most of these worms and viruses are pretty lame - I read someplace that over 90% of worms and viruses never propagate enough to be "viable" - they are too ineffective to spread.

    The Internet is an amazingly powerful communications medium - but putting your stuff online is somewhat analogous to putting your stuff in the heart of Harlem - since everywhere has a "front door" there.

    The state of security on the Internet is bad, and will get worse before it gets better.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.
  3. Re:Cool! by sigwinch · · Score: 2, Insightful
    ...I don't think my life would be noticeably different if the Internet were 100% secure tomorrow.
    Do not confuse a low probability event with a low severity event.

    --
    Kuro5hin.org: where the good times never end. ;-)

  4. Distribution method? by gmuslera · · Score: 3, Insightful
    This is not a virus, nor a worm. How can one be, er... "infected" by this worm? Is it already available in rootkits, or distributed with another innocent-looking program? This looks like it needs to be run as root, so it has very few ways to spread, mostly depending on the bad behaviour of the system administrator.

    If it's very widespread (I have not yet done the tcpdump trick :) it could mean that it is attached to something that is in some way popular, or that it is in fact a worm (i.e. taking advantage of some vulnerability to spread, and then doing the scanning).

  5. Re:Cool! by MeerCat · · Score: 2, Insightful

    I don't think my life would be noticeably different if the Internet were 100% secure tomorrow

    Just because you personally aren't suffering from security problems right now means a secure internet wouldn't appear to change things much, but wait until you've been hit with a security related problem that wasted a week of time / lost you $1,000 / lost you your job / destroyed your credit rating / etc. - suddenly a secure internet becomes much more appealing.

    I don't want to sound like I'm being harsh on you, but compare your statement to an extreme like "I don't think immortality is a big thing - I mean, I've been alive 35 years and I haven't died yet..."

    --
    I spent a lot of money on booze, birds and fast cars. The rest I just squandered. - George Best
  6. 0xDA00 by multipartmixed · · Score: 2, Insightful

    ...that would only yield { CR, LF, NUL, NUL } on a system with 4-bit chars.

    And, uh, that would be a hard system to get any real work done on, given that there are way more than 15 characters in the alphabet.

    --

    Do daemons dream of electric sleep()?
  7. Re:How convenient by ant_slayer · · Score: 2, Insightful

    Dude,

    Technically, viruses and trojans will never prompt OS vendors to produce "better" products. This is because a virus or trojan does not necessarily take advantage of OS flaws. This trojan, for example, looks for existing backdoors and takes advantage of them. BAT.mumu and W32.deborm, of recent fame, attacked weak passwords (not weak OSs).

    The *concept* of a trojan or virus implies that an idiot user invokes it. If it's the idiot user that introduces the malicious code to the system, then how is that an OS flaw? Is it a flawed OS that lets you run a program?

    Viruses and trojans attack social weaknesses -- idiot users that execute attachments in Email, have weak passwords, or download programs from arbitrary web sites.

    -Josh O-