Free Republic
Browse · Search
News/Activism
Topics · Post Article


Superworm To Storm The Net On 9/11
GuluFuture.com ^ | 9/1/2003 | Fintan Dunne

Posted on 09/06/2003 4:25:05 AM PDT by Mago

Our analysis of Internet virus activity shows that on September 11th next, an advanced worm attack is set to infiltrate the Internet and could potentially halt email traffic worldwide. We need to act now.

The worm invasion will feature distributed denial-of-service (DDoS) attacks against Microsoft's website and those of anti-virus software vendors or spam prevention websites. This will hinder distribution of removal tools and prevent detection of worm spam.

The SuperWorm would combine the capabilities of recent worms/viruses. This hi-tech worm could lever itself into becoming a "WormNet" inside the existing Internet, with worms on individual infected computers sending encrypted communications to each other. Worms could exchange latest worm-code updates and get lists of new attack targets. These features would even enable them to morph into new worm generations.

Once established, the SuperWorm would be a permanent presence on the Internet. It could be scaled up and down in intensity or retargeted by its human controller(s). It could also be used to untraceably broadcast to the world audience on the Internet.

THE BIG ONE

The FBI just spent two weeks catching the incredibly inept teenage author of a Blaster worm variant. Meanwhile the much more dangerous threat comes from the creator(s) of the Sobig worm.

Is it just a coincidence that the Sobig.F variant expires on the 10th of September? Meaning the next release is due on September 11th.

This is an excerpt, see full article for more.

(Excerpt) Read more at gulufuture.com ...


TOPICS: News/Current Events; Technical
KEYWORDS: 2ndanniversary; 911; internet; network; trojan; virus; worm
The tone of the article strikes me a bit alarmist (the title should have been 'Superworm Could Storm The Net On 9/11').

In any case, the threats it describes seem real and possible. I work in the IS industry and keep a close eye on these things.
1 posted on 09/06/2003 4:25:06 AM PDT by Mago

To: Mago
The tone of the article strikes me a bit alarmist...

Oh, and so accurate too.

Even as Sobig spread, the Blaster worm had already spawned an army of worms which has easily taken Microsoft's Windowsupdate.com website off-line. Try the link. It's still off-line, and not expected to return.

Actually, if we remember our history, Microsoft permanently removed windowsupdate.com from DNS.

2 posted on 09/06/2003 5:40:34 AM PDT by TechJunkYard

To: Mago
I'm not worried:


3 posted on 09/06/2003 5:47:34 AM PDT by Jim Noble

To: Mago
Not really sure about the super worm theory, but I do know that for the last week or so there has been a major network scan on the Internet. Our Linux server has been getting scanned (using ping to check for addresses), at a rate of 200-300 times a minute. We are currently in the process of reporting this abuse to the ISPs who manage these IP addresses or just blocking out entire IP ranges if the ISPs refuse to block access for the IP addresses causing the abuses.
4 posted on 09/06/2003 5:52:34 AM PDT by JustAnAmerican

To: TechJunkYard
Re: Actually, if we remember our history, Microsoft permanently removed windowsupdate.com from DNS

If the virus had exploited and attacked EBAY.COM, would the MS solution be taking all of Ebay off line forever?

Some solution.

5 posted on 09/06/2003 5:53:28 AM PDT by ChadGore (Kakkate Koi!)

To: Mago
The most it will amount to is some net lag.

Meanwhile you can use that extra time to reflect on those victims that lost their lives on 9-11.
6 posted on 09/06/2003 6:03:43 AM PDT by Rain-maker

To: JustAnAmerican
I'm getting pinged and/or port 135 probed about every ten seconds ever since Blaster and Welchia started up.

Keyword for all is Firewall, and ZoneAlarm has a free one.
7 posted on 09/06/2003 6:07:04 AM PDT by Rain-maker

To: Rain-maker
"Keyword for all is Firewall, and ZoneAlarm has a free one."

Agreed, however as far as firewalls go, I would invest in a hardware version. While ZoneAlarm is nice, any mid grade hacker can bypass a software fix. Hardware firewalls (for the individual user) are around $60.00-$70.00. Just look for a DSL/cable firewall router: Linksys, Netgear, etc. If commercial then I would suggest a Linux system for varying reasons, not the least of which is stability, onsite website, unlimited email, etc.

9 posted on 09/06/2003 6:36:14 AM PDT by JustAnAmerican

To: JustAnAmerican
If users do not have a firewall by now, and considering the economic recession, I doubt they will spend the bucks for a hardware firewall and have it installed by the 11th. Plus with dialup, which 80% of online users still use, a free firewall works fine. ZoneAlarm is self-configuring and requires no knowledge of ports or protocols, and is much easier to use than a hardware firewall.

The firewall is like auto theft protection: anyone can break in if they really want to, but the thief is an opportunist and would rather deal with the easy pickings.

Free version click here :

ZoneAlarm
Download ZoneAlarm
 

ConsumerReports.org
http://www.consumerreports.org/static/0206com1.html.
 

Ratings Firewalls

The test behind the Ratings

Overall Rating combines protection, features, and ease of setup and use. Incoming protection measures how effectively the product hides your computer and prevents access to it by intruders on the Internet. Outgoing protection indicates how well the product prevents malicious software on your computer from communicating with others on the Internet. A dash means the software lacks outgoing protection. Features is our assessment of how readily you can customize the firewall. Setup/use indicates how easy the firewall's software is to install and maintain. Price is approximate retail.

ZoneAlarm Pro 3.0 and Norton Personal Firewall 2002.  
Overall Ratings: Firewalls
Within types, in performance order

| Product | Price | Overall rating | Protection: Incoming | Protection: Outgoing | Features | Setup/Use | Recommendations & notes |
|---|---|---|---|---|---|---|---|
| SOFTWARE FIREWALLS | | | | | | | |
| ZoneAlarm Pro 3.0 (Zone Labs) | $50 | | | | | | Outstanding performance. Gives detailed information about intrusions. |
| Norton Personal Firewall 2002 (Symantec) | $50 | | | | | | Outstanding performance. Security Assistant with plain English advice. Creates automatic rules for new software applications that it recognizes. Macintosh version available. |
| Personal Firewall Pro 5.0 (Sygate) | $40 | | | | | | A notch lower in performance. Lets you control incoming traffic for specific Internet addresses and time periods. |
| McAfee Firewall 3.0 (Network Associates) | $30 | | | | | | A notch lower in performance. Also bundled with company's antivirus software. |
| BlackIce Defender (workstation) 2.9 (Internet Security Systems) | $40 | | | | | | A notch lower in performance. No phone support. Graphs events and traffic over time. Replaced by version 3.5, which manufacturer says has outgoing protection. |
| Internet connection firewall (Included in Microsoft Windows XP Home) | | | | | | | A good line of defense if your computer uses the Windows XP operating system. |
| HARDWARE FIREWALL | | | | | | | |
| Etherfast Router BEFSR41 (Linksys) | $80 | | | | | | OK performance. Versatile router options for special networks. Full protection requires user to change some factory settings. |


10 posted on 09/06/2003 7:32:12 AM PDT by Rain-maker

To: Mago
This site is not where I'd keep a close eye on things; its credibility is low. Bad or false information can do harm as well.
11 posted on 09/06/2003 8:34:31 AM PDT by D-fendr

To: JustAnAmerican
SPI - Stateful Packet Inspection is what you want to see in a hardware firewall. Linksys makes a good one for around $70.
12 posted on 09/06/2003 8:46:47 AM PDT by Noumenon (Those who seek the destruction of a free society are unfit to live in that same society.)

To: Rain-maker
I'm an iptables fan, especially after having found FWBuilder which is just like CheckPoint's GUI. I can't imagine going back to editing the iptables rules by hand.

They really should port it over to Java as you have to install all these Mandrake-specific windows libraries. Maybe if I got off my lazy butt I would look into using Naked Objects to do it with. For all you programmer geeks out there, I highly recommend checking out that site, it's an eye opener.
13 posted on 09/06/2003 10:07:36 AM PDT by lelio

To: Mago
Is it just a coincidence that the Sobig.F variant expires on the 10th of September? Meaning the next release is due on September 11th.

The variant expiring doesn't mean that another variant will immediately appear. It just means that the programmer decided to write an expiration into the code.

14 posted on 09/06/2003 10:10:51 AM PDT by Spiff (Have you committed one random act of thoughtcrime today?)

To: ChadGore
"If the virus had exploited and attacked EBAY.COM, would the MS solution be taking all of Ebay off line forever?

Some solution. "

They wouldn't have a solution because it wouldn't be their problem... it would be Ebay's problem. And what would you have them do? Keep a site that is a known target up and running to be DDoSed? What good would that do, and besides they didn't get rid of Windows Update as this misleading article states, they just changed the DNS name for it, it is quite alive and well at windowsupdate.microsoft.com.
15 posted on 09/06/2003 10:25:39 AM PDT by battousai (Hello... Hello... is this thing on?)

To: ChadGore
Some solution.

Well, in this case it really was the best thing to do. Many alternatives were discussed, like pointing the host address to 127.0.0.1, and just removing the address record would have caused the least disruption to the 'net.

What would you have done?

16 posted on 09/06/2003 8:37:00 PM PDT by TechJunkYard
