Vulnerability Development mailing list archives
Re: Publishing Nimda Logs - Summary
From: "Deus, Attonbitus" <Thor () HammerofGod com>
Date: Wed, 08 May 2002 10:42:41 -0700
At 10:09 AM 5/8/2002, Jonathan Bloomquist wrote:

> I lean more to the side of shaming the admins into fixing them than ignoring them. However, sending a message is one thing, but actually patching their box is going a bit too far for me even if it is to help them. Warn 'em, shame 'em, scream at 'em, and mail bomb their ISP until they take action, but make each site patch themselves. "If we kill 'em they won't learn nuthin'."

Great quote... Just so as everyone knows, I was not saying that you advocated a reverse-patch... I was just pointing out use of the root.exe (I know - just the mention of that file in text will cause me to receive many "You are infected!" auto-responders) was cool - from a technical standpoint. Someone in another post actually brought up patching the box, and I was running with it.

Here is what I want to do - Discussing the theory and legality and all that is fine, but does not really get us anywhere. I am willing to dedicate time to this to experiment if there is someone out there with the technical expertise to pull it off. I'll even host it on hammerofgod.com to test it in the wild.

The first thing to do is to determine exactly what is necessary to patch the system, or if an actual "patch" is even necessary. I wrote a little app called Mutex (in the downloads section of www.hammerofgod.com) that loads a named mutex that prevents Nimda from running - something like that would be an easy place to start.

I know many of you are vehemently opposed to any sort of action like this, but we're talking 5 billion attempts per day, and something has to be done about it. Let's get a working model on the table, prove it works, and then see what happens.

AD