Re: Lame Windows Worm

[cbrenton () SOVER NET (Chris Brenton)]

".sozni" wrote:
> I'd say this script isn't so lame if it managed to install itself onto your
> friend's startup group.

By "lame" I mean this script offers nothing unique. The fact that a
system with the "C" drive shared as read/write without a password can be
vulnerable to attack is nothing new. More of a stupid user than a cool
new code problem.

> In fact, the brilliant thing about this little script
> is that it demonstrates that one doesn't have to know much about networks or
> even programming to create their own internet worm.

But they *did not* create it, they simply made a few changes to a script
that already exists on every Win98 machine. Hardly what I would refer to
as "brilliant".

> It is funny to me that
> you so harshly criticize the script and yet you say that a precondition is
> that one must have their entire C drive shared without a password!

Not so much criticism as trying to put it in perspective. Its not like
every Windows system is vulnerable to this attack, just the ones that do
not sit behind a firewall and have the entire C drive shared off
read/write without a password.

> And the worst thing about this whole scenario is that this "lame" little
> script will probably very easily replicate itself across the millions of
> shared and unpassworded C drives out there.

Given the number of required precondition, I doubt "millions" is
accurate. Let's not be an alarmist. ;)

> What I would do to this script is
> add in a bit of code that also looks for NT systems with blank Administrator
> passwords, probably doubling the ground the worm covers.

Part of the reason I did not post the entire script. ;)

Cheers,
Chris

--
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet