RE: Publishing Nimda Logs

[".JanusAurelius" <axc () andrew cmu edu>]

cool concept, but i think that lousy way way to introduce ppl to linux.
think about it, you just found out that your box was rooted, and on top of
it, some ppl from God knows where just installed this weird new OS in your
machines that you simply DO NOT KNOW how to use! i mean, linux isn't
exactly user-friendly.
cool idea, but i doubt this will give them a good first-impression of
linux, at all.

at least on a psychological level, your temporally  coupling virus with
linux. you want to couple WINDOWS with virus ok? so how about change their
desktop bakground to a bluescreen?
evangelists... heh

.arthur

On Wed, 8 May 2002, amonotod wrote:

> -----Original Message-----
> From: Silcock, Stephen [mailto:stephen_silcock () cleanaway com au]
> Sent: Tuesday, May 07, 2002 9:35 PM
> > I think many people are underestimating the potential for damage these
> > machines hold...
> <snip>
> > I now have as a result a list of about 2000 infected, and therefore
> > trivially exploitable hosts. ?While some may be dynamic IP's and some may
> > not be as trivially exploitable as it seems; 2000 is a good ballpark
> > figure.
> >
> > I could; if I had the time and the inclination knock up a DDoS network
> > within the space of a day or two using that information - 2000 hosts is no
> > small number.
> <snip>
> > The machines need to be cleaned and set up securely. ?If the people
> > running them can't do it they have no business having an internet
> > connection; they're a liabiltiy to the rest of the internet community...
>
> You know what would be really cool?  A worm that installed Linux and/or
> Apache on those machines, while keeping all the previous settings, such as
> the webroot, and publisher permissions, all that good stuff.  No, I didn't
> insinuate that it would be legal, not in the least, but it would be cool!
>
> How about it?  Anyone out there care to knock together a script that'll
> pull IIS settings out of the registry, download and install Apache with the
> same settings, disable IIS, spend (since I've already pulled all this other
> crap out of my butt, lets see if we can find a number also) 24 hours
> scanning for other vulnerable hosts, and then restart the machine?  I think
> the only big challenge would be converting SSL settings, and maybe,
> ensuring the ASP files still work.  Although, isn't there a module for
> using ASP under Apache now?
>
> Hmmm... Whatever...
>
> > S. ? :)
>
> amonotod
>
> --
>  ?`\|||/ ? ? ? ? ? ? ? ? ? ? amonotod@
>  ? (@ @) ? ? ? ? ? ? ? ? ? ? netscape.net
> ooO_(_)_Ooo______________________________
> _____|_____|_____|_____|_____|_____|_____|
>
>
>
> __________________________________________________________________
> Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with 
> Shop@Netscape! http://shopnow.netscape.com/
>
> Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/