Re: aside: worm vs. worm?

[Nick FitzGerald <nick () virus-l demon co uk>]

Andrew J Homan <homa0016 () umn edu> wrote:

> It seems that between the time dcom.c first starting popping up around the
> internet and today, there was ample time for someone to write and release a
> worm designed to patch infected systems and remove any sign of itself. 
> Given that on the 16th of this month windowsupdate.com will be DDOSed, does
> anyone else see this as an opportunity for a war of worms with
> windowsupdate.com at stake?  ...

Please can we not have this debate again?

The believers on both sides are almost as trenchantly set in their 
beliefs as the pro and con full-disclosure camps and equally unlikely 
to move.

If you really want to know people's views on this issue, please search 
the web for "good worms" and the like.

> ...  Would anyone consider releasing a patching
> worm on their own network if they knew it wouldn't spread to the rest of
> the internet or is there a downside to this notion which I'm not realizing?

Why would anyone do that?

Given they had the authority to make such patches, why were they not 
running one of the many freely available vulnerability scanners that 
search for just this vulnerability during the last few weeks and taking 
appropriate action based on the results?  If they do not have the 
appropriate authority to do that they would not have the appropriate 
authority to run such a "worm".

Yes -- it may save a few lazy, and a few grossly under-resourced, 
admins arses, but perhaps the kick in the pants their _organization_ 
will feel for failing to have taken suitable preparatory measures 
(which go far beyond simply having applied the MS03-026 patch 
sufficiently in advance of this worm's release!) will finally be what 
it takes for some of those organizations to finally wake up and smell 
the coffee???


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html