Vulnerability Development mailing list archives
RE: Publishing Nimda Logs
From: "Emre Yildirim" <emre () uab edu>
Date: Wed, 8 May 2002 20:49:05 -0500 (CDT)
> You know what would be really cool? A worm that installed Linux and/or Apache on those machines, while keeping all the previous settings, such as the webroot, and publisher permissions, all that good stuff. No, I didn't insinuate that it would be legal, not in the least, but it would be cool! How about it? Anyone out there care to knock together a script that'll pull IIS settings out of the registry, download and install Apache with the same settings, disable IIS, spend (since I've already pulled all this other crap out of my butt, let's see if we can find a number also) 24 hours scanning for other vulnerable hosts, and then restart the machine? I think the only big challenge would be converting SSL settings, and maybe, ensuring the ASP files still work. Although, isn't there a module for using ASP under Apache now?
That is worse than infecting machines with a worm. Some people still don't know much about Apache. They'll just wake up one day and realize their server runs on different software, and reinstall IIS/Windows. That costs time and money (some people could even get fired because of this). It also creates lots of unnecessary confusion (i.e. people calling the FBI thinking they got hacked). What about proprietary database software that was specifically written for IIS? You'll just break things.

The best solution is to educate people who use Microsoft products about security. Most of these Nimda servers don't even run web pages. They're just DSL/cable hosts, where the owner decided to install Windows on their computers, and doesn't have a clue that a webserver is running. The ISPs should be more responsive to complaints as well -- it shouldn't require the media to blow things out of proportion to make people aware of problems like these.

Just my $0.01 on this thread (which has been discussed/debated a zillion times by now).

--
Emre Yildirim, <insert job title here>
emre.yildirim () us army mil | emre () uab edu