Vulnerability Development mailing list archives
Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
From: Markus Kern <markus-kern () gmx net>
Date: Fri, 07 Sep 2001 13:50:15 +0200
"Stanley G. Bubrouski" wrote:

> On Thu, 6 Sep 2001, Markus Kern wrote:
>
> <snip>
>
>> I absolutely understand your concerns. Personally I wouldn't want anyone else to execute code on my machines either but a patch has been available for months now. Every admin who cares about her systems has already fixed them (I'm aware that it may be difficult to apply patches in some cases because they might break other stuff but after over two months such problems should be solved). The others who didn't care about Code Red are very likely not to care about Code Green / CRclean either, yet they're still causing problems for the community.
>
> It's not about "well if he doesn't patch his system he doesn't care," that is just ignorant.

When the patch has been available for a few months I believe this to be a pretty safe assumption.

> Do you think the people at Microsoft/MSN didn't care when they were infected because they didn't install a patch released months before? That is absurd.

Admittedly there may be cases where people simply miss some machines on their network but if this happens regularly the admin isn't doing his job very well IMHO.

> Do you think people with infected machines on the internet even know they are infected? Probably not.

No, they obviously don't. Someone who knows that he is infected and doesn't fix his system or at least block the outgoing scans is irresponsible. Code Red generates so much traffic that it should be easily spotted by a competent administrator.

> Do you think they'd be overjoyed to hear they were infected with another worm to remove the first? Probably not.

I bet some suits would actually like the idea because they don't have to spend money on fixing the problem themselves. Unfortunately this creates the dangerous situation where people don't patch their systems because "some counter-worm will come along and do it for us".

> Will this stop other people like you from doing similar things? Probably not?

No, why should I even try to stop people from doing things I do myself?

> Do you care about the dataloss a worm that reboots machines without an admin's permission causes? Apparently not.

CRclean doesn't reboot the machine; it only restarts IIS. I admit that I didn't think of dataloss due to IIS restarts. I even call ExitProcess() in the exploit code which now seems like a really bad idea to me. A graceful IIS shutdown would be much better and shouldn't cause any dataloss with a well designed data base application.

regards,
Markus Kern