Vulnerability Development mailing list archives
Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
From: "Stanley G. Bubrouski" <stan () ccs neu edu>
Date: Wed, 5 Sep 2001 20:44:13 -0400 (EDT)
Does anyone realize what a bad idea it is to release worms like this in the first place, regardless of wheatehr or nto they mean well? Think about it. CodeGreen from my understanding does random scanning like Code Red and is infecting machiens iwth another worm that degrades system performance and causes traffic. This isn't a cure it's a nightmare. Why? 1) It causes traffic that can lead to serious bandwith consumption. 2) Traffic caused by Code Red brings down routers and printers and it even can cause Cisco 2500 series routers (from experience, costly ones) to run out of memory and cease functioning until a reboot. 3) It's illegal. Just as Code Red gaims unauthorized access to systems, so does this worm. 4) If patching fails the system is still going to be vulnerable and it will be propagating itself to other systems that may not be patchable. 5) Machines infected with Code Red are often times unresponsive to HTTP requests due to high memory and CPU of the Code Red infection so in many cases not only will the CodeGreen worm not fix already infected machiens it will most likely attempt to clean machines that are vulnerable but are not spreading the worm, again causing more network traffic. 6) People who use Concur(A billing app used by millions of sales people on the road in corporations all over the world) for example have IIS running and are often times connected via dial-up to a VPN at a corporation, the traffic generated by CodeGreen would most likely eat up all the bandwith on their dial-up connection and cause mission critical data transmissions to fail in the same way Code Red does. 7) Releasing untested code to the public who will surely unleash it into the wild could lead to dataloss and other problems. 8) Go to hell. Regards, Stan -- Stan Bubrouski stan () ccs neu edu 23 Westmoreland Road, Hingham, MA 02043 Cell: (617) 835-3284 On Wed, 5 Sep 2001, Blue Boar wrote:
P.S. http://www.newsbytes.com/news/01/169707.htmlAnd here: http://www.computing.vnunet.com/News/1125206 (And this one even has a cute picture. Sorry... we don't get into the news every day like Bugtraq does... thought people might be interested :) ).
Current thread:
- CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Herbert HexXer (Sep 01)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 01)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 05)
- <Possible follow-ups>
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Paige, Randall (Sep 04)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 04)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) DerHexXer (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Stanley G. Bubrouski (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Jonathan Rickman (Sep 05)
- CodeGreen free? // Re: Re: AW: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Steinhart Alexander (Sep 07)
- RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) t. patrick o'hara (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Blue Boar (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 06)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Markus Kern (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Michael R. Rudel (Sep 05)
- Message not available
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) .MetsyS. (Sep 05)
- Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Michael R. Rudel (Sep 05)
- illegal cheer (was: Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.) Meritt James (Sep 06)