Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: "Michael R. Rudel" <mrr () thud pcs k12 mi us>
Date: Wed, 5 Sep 2001 22:14:29 -0400 (EDT)
On Wed, 5 Sep 2001, Stanley G. Bubrouski wrote:


Does anyone realize what a bad idea it is to release worms like this in
the first place, regardless of wheatehr or nto they mean well?

Think about it.

CodeGreen from my understanding does random scanning like Code Red and is
infecting machiens iwth another worm that degrades system performance and
causes traffic.  This isn't a cure it's a nightmare.  Why?



Wrong. IT doesn't activley scan. It only 'attacks' other machines that are
running Code Red that attack it first.. i.e., it's a COUNTER-measure.


1) It causes traffic that can lead to serious bandwith consumption.


See above. By disabling code red on the attacking machine, it actually
cuts down overall traffic.



2) Traffic caused by Code Red brings down routers and
printers and it even can cause Cisco 2500 series routers (from experience,
costly ones) to run out of memory and cease functioning until a reboot.


See above. It doesn't activley scan.


3) It's illegal.  Just as Code Red gaims unauthorized access to systems,
so does this worm.


Yes. But it prevents other Code Red machines from gaining unauthorized
access to additional systems. I'm not arguging that it isn't illegal.



4) If patching fails the system is still going to be vulnerable and it
will be propagating itself to other systems that may not be patchable.


As opposed to when you don't try and patch it, how the machine will be
vulnerable and will be propagating itself to other systems that may not be
patchable? :P



5) Machines infected with Code Red are often times unresponsive to HTTP
requests due to high memory and CPU of the Code Red infection so in many
cases not only will the CodeGreen worm not fix already infected machiens
it will most likely attempt to clean machines that are vulnerable but are
not spreading the worm, again causing more network traffic.


This is due to the active scanning that Code Red does. Once again, Code
Green does not do this.



6) People who use Concur(A billing app used by millions of sales people on
the road in corporations all over the world) for example have IIS running
and are often times connected via dial-up to a VPN at a corporation, the
traffic generated by CodeGreen would most likely eat up all the bandwith
on their dial-up connection and cause mission critical data transmissions
to fail in the same way Code Red does.


See above.



7) Releasing untested code to the public who will surely unleash it into
the wild could lead to dataloss and other problems.


Yes, don't release untested code, lest someone might try and improve it or
something. :P

In the future, please read up on things before talking about them. :P




8) Go to hell.

Regards,

Stan


[... signatures snipped]





-------------------------------------------------------
Michael R. Rudel * 734.417.4859 * mrr () mrrconsulting net
AOL AIM: ATSTheory * Cell E-Mail: page () gotclue org
Student Technician, Pinckney Community Schools
Principal Engineer, Michael R. Rudel Consulting
-------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: