Re: [iwar] Why Code Red is never going to Spread Exponentially

From: Gary Warner (gar@askgar.com)
Date: 2001-08-04 08:38:41


Message-ID: <3B6C1701.AC4C2F8A@askgar.com>
Date: Sat, 04 Aug 2001 08:38:41 -0700
From: Gary Warner <gar@askgar.com>
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
To: fastflyer28@yahoo.com, fc@all.net
Subject: Re: [iwar] Why Code Red is never going to Spread Exponentially
References: <20010804055522.20087.qmail@web14503.mail.yahoo.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

*NOT FOR LIST DISSEMINATION*

Uh, glad to be included in the "realist" category, but you're dead wrong
on the China thing, e.r.
All these people who don't bother to learn Chinese and infiltrate
Chinese hacker groups are declaring what they "know" about China.  Makes
me sick.

There are several very talented hard core Chinese programmers who
released, in early July, .idq buffer overflow exploits that could detect
various languages and service packs of NT and exploit appropriately.
These were coded in Assembler and triggered via the same "GET"
methodology that Code Red uses.

These were coded, using as a major resource, the article from Phrack
issue 55 on writing buffer overflows for Windows 32 programs.  Who wrote
that?  Dark Spyryt.  Yes, the same guy who announced this particular
buffer overflow to eEye.

His article was discussed (in Chinese) at length following its posting
July 3rd to bbs.nsfocus.com.

Many .idq overflow programs, VERY well coded, were released, improved
upon, and rereleased over the next two weeks.  One programmer, "isno",
invited those who had ideas for a "masterful payload" to contact him
privately.  On July 10th.

I think it is VERY likely that his working group crafted Code Red.



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:39 PDT