> Yes but like you said it uses an angelfire page, If you take
> it down the virus is stopped If it gets too succesfull
> bandwidth limits are exceeded. So it will never widely spread
> that way If someone where to include a webserver in the worm
> there's no single point of failure
Exactly why:
A. This trojan is dead now.
B. The author kept releaseing clones/varaiants with different URL's.
It condusted massive spamming for itself, then died. Same thing with the
next variant.
As I wrote in my email, this trojan horse's success was propelled by the
author releasing _new_ clones "all the time" from different URL's. It
was never built to last. It was build to destroy.
As to never widely spreading... It did. :/
But your points are valid for the regular "things" we see out there.
Gadi Evron (i.e. ge),
[EMAIL PROTECTED]
--------
[EMAIL PROTECTED] -
PGP Key: 2048/2048 (Size) 0x2D3D6741 (ID).
Fingerprint: 0EB3 00BC 974B 3C2B 336D 6486 ECA5 2D0D 2D3D 6741.
The Trojan Horses Research mailing list - http://ecompute.org/th-list
My resume (Hebrew) - http://vapid.reprehensible.net/~ge/resume.rtf
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
