[svlug] Umm... Incoming.

[Dagmar d'Surreal]

On Sun, 5 Aug 2001, Dagmar d'Surreal wrote:

> So literally, all that needs to be done for an attacker to harvest a
> number of these hosts is to wait for them to come scanning, and then
> upload a more flexible trojan into the system that turns off the bootstrap
> worm (Code Red II).  As much as people are referring to this worm as
> "warning shot" or "wakeup call", I really think it's likely to be the last
> one of it's kind.  Expect the next one to do something rather ugly from
> the word go.  Actually, I frankly expect that what's going to happen is in
> a few more days, someone is likely to drop the _other_ half of this worm
> onto the net, to let it propagate into the machines that have been rather
> thoroughly compromised by Code Red II, and all they'll have to do is seed
> one or two machines in each classed network with the next stage loader,
> and well, I doubt they'll all start crunching RC5 keys.

Just to cover my ass (since my CISSP has technically expired now) if it
DOES happen to come to pass that someone puts a counterpart to Code Red II
on the net in the next few days that uses it as the bootstrap that it was
apparently intended to be, and large chunks of the internet, city power
grids, various utilities infrastructures, and or the fabric of space-time
itself burst into flaming shrapnel, I would like to point out that I was
merely *speculating* on what motives and mechanisms might exist, and am
completely innocent of any wrongdoing so there will be no need to send
jarheaded thugs with guns to my apartment.

I merely *think* like a super-villain.  I do not play one in real life.