Hello KURT!

17 Jan 05 10:23, you wrote to me:

 KW>>> it spreads via unprotected (or poorly protected) network shares
 KW>>> and once it's compromized a system it opens up a backdoor via...
 KW>>> what part of this doesn't make sense?

 BS>>> See below, is it beeing spread both by network shares and irc
 BS>>> channels?

 KW>> sorry, i missed a word in my previous response...

 KW>> it spreads via network shares, it opens up a backdoor via irc...
 KW>> backdoors are not the same as spreading...

 BS>> Aha, that's why I mean it's impact would be very very low.
 BS>> Agreed?

 KW> do i agree? no, not really... it can still spread far and wide since
 KW> there are still plenty of clueless people with poorly protected
 KW> network shares...

Aha.. But most ISP's is filtering port 137-139/tcp ?

 KW> i kind of get the feeling that you think network shares have somehow
 KW> magically become a non-viable infection vector, but i don't think
 KW> that's necessarily true...

 KW> consider the number of people who *undo* all their security measures
 KW> by rebuilding their system from scratch (and then failing to re-apply
 KW> whatever security best practices they might have half-learned) instead
 KW> of just removing whatever virus or worm they may have had...

I guess not many people is doing that?

 KW> then
 KW> consider the number of new computer users who haven't applied any
 KW> security best practices yet... then consider the number who ignore
 KW> hardening their system in favour of simply using a firewall (which may
 KW> or may not always be there to protect them)... then consider the
 KW> number of people who just do not learn how to prevent re-infection...

Firewall is a buzz word in these days.. Personally I've no reason for using one..

 KW> in a perfect world, spreading over network shares wouldn't be very
 KW> effective - but we don't live in a perfect world...

No.. But why not use a non-standard port for doing it?

Bo


... The night is comming .. call The Night Express!
--- GoldED+/LNX 1.1.5