David LightmanJan 21st, 2007 - 05:29:06

Dood, the site is milw0rm.com not millw0rm.com. You have to be careful with those typos on url's. That's how the Russian Mafia and the Red Army get Winblows users to navigate to their sites and download their malicious VML.

Anyone who thinks it will be a 'matter of time' before better and more covert exploits are developed is fooling themselves. Exploits are generally developed and used by cyber criminals _way_ before 'proof of concept' code is ever published.

After Nimda, CodeRed, Slammer, Blaster etc., Microsoft considers any non Internet wide attack as low frequency. Exploit of client's doesn't really work that great for spreading worms, as users must be lured to the malicious content; and once they have it, their browser is really in no position to serve it to another client. It takes a good server-side vulnerability or combination of both to propigate a worm worthy enough for Microsoft to admit widespread exploitation.

Now that bot-armys have become so lucrative, criminal organization's such as the Russian Mafia have put a priority on exploiting the browser. With .NET and IE getting fatter and fatter every day, it looks like the bad guys will be eating well for awhile.

My advice is to stay away from the Russian mp3 and pr0n sites; turn off all the fancy browser features. The text based 'lynx' browser works pretty well for reading the news and 'pine' is just dandy for writing e-mail. But would it really be so bad being part of a bot-army?

David Lightman

Report this comment