[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] aside: worm vs. worm?

To: "'Andrew J Homan'" <homa0016@umn.edu>, <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] aside: worm vs. worm?
From: "gml" <gml@phrick.net>
Date: Tue, 12 Aug 2003 01:57:40 -0400

I think you are probably missing the obvious privacy issues.
However if this were something that stopped at your edge, then I would
Refer to it more as an automated patch agent, rather than a worm.
It's less threatening. Something like this would be trivial to write,
especially if it were to be used in a controlled environment.  You should
also consider that if it were to only patch machines within your network,
that possibly traversal would be unnecessary, a scanner that was capable of
patching would do the trick.  Even a Perl script to wrap one of the many
DCOM exploits available that could tftp the patch to the machine and execute
it would probably suffice in most cases, assuming there is a way to make the
patch install silently and force a reboot.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Andrew J Homan
Sent: Monday, August 11, 2003 9:55 PM
To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] aside: worm vs. worm?

It seems that between the time dcom.c first starting popping up around the
internet and today, there was ample time for someone to write and release a
worm designed to patch infected systems and remove any sign of itself. 
Given that on the 16th of this month windowsupdate.com will be DDOSed, does
anyone else see this as an opportunity for a war of worms with
windowsupdate.com at stake?  Would anyone consider releasing a patching
worm on their own network if they knew it wouldn't spread to the rest of
the internet or is there a downside to this notion which I'm not realizing?

Andrew J. Homan
Software Engineering Intern
http://www.cnt.com/

NOTE: Views and/or opinions expressed are not those of CNT.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] aside: worm vs. worm?
  - From: Andrew J Homan <homa0016@umn.edu>

Prev by Date: Re: [Full-Disclosure] aside: worm vs. worm?
Next by Date: RE: [Full-Disclosure] aside: worm vs. worm?
Prev by thread: Re: [Full-Disclosure] aside: worm vs. worm?
Next by thread: RE: [Full-Disclosure] aside: worm vs. worm?
Index(es):
- Date
- Thread