[Esd-l] Need To Graph Usage on Rules
Brett Glass
brett at lariat.org
Sat Dec 27 12:56:55 PST 2003

At 07:44 PM 12/19/2003, John D. Hardin wrote:
>I've been graphing the quarantined messages at my place of work for a
>while now - the hits are *way* down, I think because we're DNSBL-ing
>open relays, and that takes care of a lot of the worm-infected
>systems.

I have a different theory. I think that the nature of worms and worm
developers has changed. Worms are now being used to compromise systems
quietly -- and turn them into zombies that send spam, capture information
that's useful for identity theft, etc. -- rather than to create high
profile epidemics that embarrass Microsoft.

Unlike writers who compete to build the most virulent malware, the
creators of today's worms don't want their creations to be discovered.
Why squander potentially lucrative knowledge of security holes
just to make a point (especially since the average user has proven
resistant to all demonstrations of the dangers of using Microsoft's
flawed software)? If the worm is discovered, the worm writer must find
another vulnerability via which he can slip a worm in. So, rather than
doing noticeable mass e-mails, they're trying to infect machines via
browser holes and direct network exploits. This doesn't mean that one
shouldn't continue to watch one's e-mail for worms, "bugs," etc.
However, outbreaks of mass-mailing worms are likely to be less frequent.

--Brett