Vulnerability Development mailing list archives
CodeGreen free? // Re: Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
From: "Steinhart Alexander" <Steinhart () uni de>
Date: Fri, 7 Sep 2001 16:48:05 +0200
Von: Jonathan Rickman [mailto:jonathan () xcorps net] Gesendet: Donnerstag, 6. September 2001 04:46 An: Blue Boar Cc: vuln-dev () securityfocus com Betreff: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Moderator: My webserver has logged CodeGreen hits, so I feel I have
the right to respond to this admittedly wasted thread.
If nothing else...please afford me the opportunity to speak to the
world without resorting to strange GET requests in
everyone's webserver logs.Does anyone realize what a bad idea it is to release worms like this in the first place, regardless of wheatehr or nto they mean well?Obviously not... 195.224.242.248 - - [04/Sep/2001:19:00:30 -0400] "GET
/default.ida?Code_Green_<I_like_the_colour-_-><AntiCo
deRed-CodeRedIII-IDQ_Patcher>_V1.0_beta_written_by_'D er_HexXer'-Wuerzburg_Germany-_is_dedicated_to_my_sist erli_'Doro'.Save_Whale_and_visit_<www.buhaboard.de>_a nd_<www.buha-security.de>%u9090%u6858%ucbd3%u7801%u90 90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9 090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u 00=a HTTP/1.0" 404 1442 "-" "-" Logs deliberately not sanitized... Thanks but no thanks 195.224.242.248, I don't need any help securing
this system. It is not now, nor was it ever, vulnerable to Code Red. Can anybody confirm this? Has somebody logs, too?
In cases where we have some pretty good statistics about the
propagation
and saturation of a given worm, if you were going to write such a worm
(and I'll leave that debate to others more versed in ethics and law
than myself),
wouldn't it be the best idea to have it shut down (permanently) at SATURATION_TIME(target_worm)+a short time - so in this case, CodeGreen
should
have been programmed to shut down no more than 6 days after infecting
a box. I think the best idea, it participates to let stop the worm if it has found x days nothing to patch and as a security maybe one or two months after infecting a box.
(and I'll leave that debate to others more versed in ethics and law
than myself) That's no question, but if you read something like this... (sorry, it's german) http://groups.google.com/groups?hl=en&safe=off&th=41a4be0598ea4c6,18&see km=3B7CDBB3.657BB0D9%40gft-solutions.de#p
4. Worm should send a message to admin.
And I think it's ineffectively to send emails and (broadcast) messages to admin account accessible from the infected box, with a worm that he is infected. ppl like this one above has no patch, yet! They have contributed with the increase of the CodeReds and now with the increase from somewhat "harmless" would push them panic, surely... regards, Alexander Steinhart
Current thread:
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.), (continued)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Paige, Randall (Sep 04)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 04)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) DerHexXer (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Jonathan Rickman (Sep 05)
- CodeGreen free? // Re: Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Steinhart Alexander (Sep 07)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) t. patrick o'hara (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 05)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Paige, Randall (Sep 04)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Michael R. Rudel (Sep 05)
- Message not available
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) .MetsyS. (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Michael R. Rudel (Sep 05)
- illegal cheer (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 06)
- Re: illegal cheer (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 07)
- Re: illegal cheer (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 07)
- Re: illegal cheer (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 07)