Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: phpBB Worm writers are dumb

From: Stian Øvrevåge <sovrevage () gmail com>
Date: Tue, 4 Jan 2005 08:47:32 +0100
On Mon, 3 Jan 2005 17:40:28 +0100, EmirAga <emiraga () emiraga com> wrote:

lots has passed since releasing a phpbb worm by some stupid people, i will
list my oppinion about it.

- why release a worm? not sure about newer ones, but first one did not do
anything, so, whats the point?. Worm will warn whole world about
vulnerability and most of servers will patch it, without worm it would stay
just another bug in their forum and most non will worry about it. Security
_penetators_ are loosing their jobs because of you.



So, releasing a worm that does nothing but warn the world and getting
the holes patched? I would agree this is stupid from a black-hat's
point of view, but I think it's better that some kiddies exploit and
expose the vuln/exploit than some organized criminals. Have you ever
done something for the kick off it? The message I'm replying to now,
is there a point? Except saying they are stupid?



- first worm sent a thousand requests before infection. The newer one do
'wget' it from static http location. STUPID. Simply worm could send his self
by POST or FILE_UPLOAD method since they are not written in logs. In logs
would be written a small request that most administrators will not notice.
what's wrong with eval($_POST[x])?


It is possible for the authors to replace the scripts and hence, load
different payloads as time goes, it hasn't been done, but it is a
possibility. I would say this is harder with self-carrying code.


- first worm wrote his self to current directory, we all know that in most
cases this will fail. Better solution would be to write to /tmp, or even
better to use upload $_FILES[worm][tmp_name]. So stupid!

- Why didn't they removed comments and replaced their variables with smaller
ones, so worm will go faster.


Agree with this one, it's not very "nice" code to look at, especially
when it's in some strange foreign language.


i just hope no one will rewrite its code with newer _version_ cuz then i will
be the stupid one here.

just wanted to say that worm writing sucks and real programmer will never
release one.

greets


I myself are fascinated by worms, but then again I'm not a real programmer.

My two cents
- Stian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: