[iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin

From: ellisd@cs.ucsb.edu
Date: 2001-08-02 04:51:22



--- In iwar@y..., "e.r." <fastflyer28@y...> wrote:
> 
> --- Fred Cohen <fc@a...> wrote:
> > JUL 31, 2001
> > China Skeptical Code Red PC Worm of Chinese Origin
> > By REUTERS
> > Filed at 8:27 a.m. ET
[snip]

> > ``I've never heard of anything so powerful in China.
> > This is not something that an ordinary person has the
> > skill to create,'' said the expert at the State Office
> > of Network and Information Safety who gave his surname
> > as Fang.
> > 
> This centralized state comp organizations along with Beijing Rising are
> China's Top Guns on Iwar.  This could be some of the best OPSEC, or
> disinformation in the float, but I doubt it.  While China has good CS
> people, the majority of whom we trained, it has fiscal limits and
> governmental lack of understanding.  Unless the Boys from Beijing see
> you as a huge value added, you will be treated as a mass of analysts,
> no room for young guns with us training to show their stuff
> individually, for the most part.
> 
> No question that Code Red is Bad Stuff but unless we have a better
> handle on who and why, we are still just fighting fires, unless a
> large cash infusion this problem is forthcoming.

I don't really think the "who" and "why" really matter right now.  The 
"how" is the only really important question.  The "who" doesn't matter 
because anybody (any motivated computer geek) could do it.  The rash 
of worms over the last year, with the exception of this Code Red worm, 
have all come out of the same mold.  Many of the worms reused code 
from past worms and just replaced the exploit being used and the lines 
of code that determined what the worm did when it infected a host.  
Anybody who can read code and write low-level code could have 
(relatively easily) created a new worm (uses a different exploit to 
propagate).  For every permutation of exploits out there (and there 
are thousands of exploits), a new worm is possible.  Until we are able 
to better patch our systems (bad solution) or create more secure 
systems (better, but harder solution), worms are going to continue to 
be a problem.  Attribution will be nearly impossible and meaningless.




This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT