Message-ID: <003501c365b7$454d9a00$2b02a8c0@dcopley>
From: dcopley at eeye.com (Drew Copley)
Subject: Why Fixer Worms Are A Bad Idea RE: [UPDATE] ping floods

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Sam Pointer
> Sent: Monday, August 18, 2003 9:15 AM
> To: 'Abraham, Antony (Cognizant)'; B3r3n@...osnet.com;
> full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] [UPDATE] ping floods
>
>
> Antony Abraham wrote:
> >
> >http://vil.nai.com/vil/content/v_100559.htm
> >
> >New RPC worm which will generate lot of ICMP traffic.
>
> Well I guess it would appear from this portion of NAI's
> analysis that someone was listening to the thread on this
> list about writing an anti-blaster worm:
>
> "The worm carries links to various patches for the MS03-026
> vulnerability: ... The worm attempts to download and install
> one of these patches on the victim machine."
>

Every time a worm comes out, people talk about making fixer worms. It
is a natural thought. It is not a well thought out thought, though.

It is very time consuming to make worms. It is very difficult to
test worm code. Most developers do not test their worm code, as
is obvious from their work.

The problem with the "fixer" idea is that the worm will still consume
bandwidth and cause these sorts of problems. In this case, it causes
ping floods.

I wonder if it downloads the right patch. If it does not detect the
OS properly and downloads the wrong patch, then it has done nothing
but act as any other virus.

The reports on the worm do note that it sends some systems into
the infinite reboot loop problem. That is not a good thing.

If someone really wants to spend four, five, twelve hours, even
more... Writing a fixer worm, their time would far be better served
berating people to upgrade their systems... And berating vendors to
better protect their users.