The cool thing about it is that if you are a net/sys admin, and you notice one of your computers has been compromised, you can pwn the C+C server.
these are exploits in the C+C server, not in the installed trojan. that's why its relevant. you can counterhack and pwn the person who pwned you. and thats fucking awesome On Thu, Oct 11, 2012 at 12:04 PM, Julius Kivimäki <[email protected] > wrote: > In fact, it's not a vulnerability in malware. It's a vulnerability in a > tool used to control computers infected by malicious software. But I can't > see that being relevant at all. > > 2012/10/11 <[email protected]> > >> On Wed, 10 Oct 2012 23:25:50 +0200, Pascal Ernster said: >> >> > I suppose it turns into a 0 day when you post it on this mailing list >> > and happen to be in the mood to put the vendor's marketing division on >> > BCC. >> > >> > -1 day could be when you ask a friend to check your mail to this ML for >> > major grammar errors before you post it. >> >> All this ranting about the meaning of a 0-day - and not one person has >> mentioned the fact that the vulnerability is in *malware*??!? >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
