Security Incidents mailing list archives
Re: Lame Windows Worm
From: cbrenton () SOVER NET (Chris Brenton)
Date: Mon, 28 Feb 2000 17:50:43 -0500
".sozni" wrote:
I'd say this script isn't so lame if it managed to install itself onto your friend's startup group.
By "lame" I mean this script offers nothing unique. The fact that a system with the "C" drive shared as read/write without a password can be vulnerable to attack is nothing new. More of a stupid user than a cool new code problem.
In fact, the brilliant thing about this little script is that it demonstrates that one doesn't have to know much about networks or even programming to create their own internet worm.
But they *did not* create it, they simply made a few changes to a script that already exists on every Win98 machine. Hardly what I would refer to as "brilliant".
It is funny to me that you so harshly criticize the script and yet you say that a precondition is that one must have their entire C drive shared without a password!
Not so much criticism as trying to put it in perspective. Its not like every Windows system is vulnerable to this attack, just the ones that do not sit behind a firewall and have the entire C drive shared off read/write without a password.
And the worst thing about this whole scenario is that this "lame" little script will probably very easily replicate itself across the millions of shared and unpassworded C drives out there.
Given the number of required precondition, I doubt "millions" is accurate. Let's not be an alarmist. ;)
What I would do to this script is add in a bit of code that also looks for NT systems with blank Administrator passwords, probably doubling the ground the worm covers.
Part of the reason I did not post the entire script. ;) Cheers, Chris -- ************************************** cbrenton () sover net * Multiprotocol Network Design & Troubleshooting http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet * Mastering Network Security http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
Current thread:
- Lame Windows Worm Chris Brenton (Feb 26)
- <Possible follow-ups>
- Re: Lame Windows Worm .sozni (Feb 28)
- Re: Lame Windows Worm Chris Brenton (Feb 28)