Tuesday, March 11, 2003

The Sky is Falling! The Sky is Falling!

ZDNet should be ashamed of themselves. A recent article is entitled "Worm paves way for crippling DDoS attack" but somehow falls short of living up to its title.

"Although the experts are not yet rating this worm as a high-risk to users, the technical make-up of the Trojans it leaves behind is of concern. " To tell the truth, I don't think this worm will ever rate high on anyone's scale. It supposedly replicates by exploiting weak password protection on network shares. This has been tried before.

Botnets used in DDoS attacks we've seen before. What makes this one different? Because VNC is included? It's an interesting twist but not something that would make this a dangerous worm.

"The SANS Institute's Internet Storm Centre, a research group that monitors the Internet for attacks, have lifted their alert status from green to yellow." Really? It's green right now (20 hours after the release of the article) on both the SANS and ISC websites (okay, they're the from the same source).

VNC and DDoS should not be used in the same phrase. VNC exports your desktop rather than allowing access to the services below. In other words, it allows use of your mouse and desktop and requires individual interaction with a user. While you CAN script mouse actions and key presses, I doubt it's a viable vector for DDoS attacks (remember, VNC on Microsoft boxes share a common desktop with the local user).

ZDNet, please explain! We've seen botnets before. What's worse about this worm? What's the worms name? Why is the article so vague?

While this type of article might make for great reading amongst non-techies (and for ratings overall), it hurts the industry in the long run.

If I'm full of it, fire when ready! Otherwise, faugh!

No comments:

Post a Comment