Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: "Stanley G. Bubrouski" <stan () ccs neu edu>
Date: Wed, 5 Sep 2001 20:44:13 -0400 (EDT)
Does anyone realize what a bad idea it is to release worms like this in
the first place, regardless of wheatehr or nto they mean well?

Think about it.

CodeGreen from my understanding does random scanning like Code Red and is
infecting machiens iwth another worm that degrades system performance and
causes traffic.  This isn't a cure it's a nightmare.  Why?

1) It causes traffic that can lead to serious bandwith consumption.

2) Traffic caused by Code Red brings down routers and
printers and it even can cause Cisco 2500 series routers (from experience,
costly ones) to run out of memory and cease functioning until a reboot.

3) It's illegal.  Just as Code Red gaims unauthorized access to systems,
so does this worm.

4) If patching fails the system is still going to be vulnerable and it
will be propagating itself to other systems that may not be patchable.

5) Machines infected with Code Red are often times unresponsive to HTTP
requests due to high memory and CPU of the Code Red infection so in many
cases not only will the CodeGreen worm not fix already infected machiens
it will most likely attempt to clean machines that are vulnerable but are
not spreading the worm, again causing more network traffic.

6) People who use Concur(A billing app used by millions of sales people on
the road in corporations all over the world) for example have IIS running
and are often times connected via dial-up to a VPN at a corporation, the
traffic generated by CodeGreen would most likely eat up all the bandwith
on their dial-up connection and cause mission critical data transmissions
to fail in the same way Code Red does.

7) Releasing untested code to the public who will surely unleash it into
the wild could lead to dataloss and other problems.

8) Go to hell.

Regards,

Stan

--
Stan Bubrouski                                       stan () ccs neu edu
23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284


On Wed, 5 Sep 2001, Blue Boar wrote:


P.S. http://www.newsbytes.com/news/01/169707.html


And here:
http://www.computing.vnunet.com/News/1125206
(And this one even has a cute picture.  Sorry... we don't get into the
news every day like Bugtraq does... thought people might be interested
:) ).
Previous By Date Next
Previous By Thread Next

Current thread: