Vulnerability Development mailing list archives
RE: Publishing Nimda Logs
From: ".JanusAurelius" <axc () andrew cmu edu>
Date: Wed, 8 May 2002 21:06:43 -0400 (EDT)
cool concept, but i think that's a lousy way to introduce ppl to linux. think about it, you just found out that your box was rooted, and on top of it, some ppl from God knows where just installed this weird new OS in your machines that you simply DO NOT KNOW how to use! i mean, linux isn't exactly user-friendly. cool idea, but i doubt this will give them a good first-impression of linux, at all. at least on a psychological level, you're temporally coupling virus with linux. you want to couple WINDOWS with virus ok? so how about change their desktop background to a bluescreen?

evangelists... heh

.arthur

On Wed, 8 May 2002, amonotod wrote:
-----Original Message-----
From: Silcock, Stephen [mailto:stephen_silcock () cleanaway com au]
Sent: Tuesday, May 07, 2002 9:35 PM

I think many people are underestimating the potential for damage these machines hold...

<snip>

I now have as a result a list of about 2000 infected, and therefore trivially exploitable hosts. While some may be dynamic IP's and some may not be as trivially exploitable as it seems; 2000 is a good ballpark figure. I could; if I had the time and the inclination knock up a DDoS network within the space of a day or two using that information - 2000 hosts is no small number.

<snip>

The machines need to be cleaned and set up securely. If the people running them can't do it they have no business having an internet connection; they're a liability to the rest of the internet community...

You know what would be really cool? A worm that installed Linux and/or Apache on those machines, while keeping all the previous settings, such as the webroot, and publisher permissions, all that good stuff. No, I didn't insinuate that it would be legal, not in the least, but it would be cool!

How about it? Anyone out there care to knock together a script that'll pull IIS settings out of the registry, download and install Apache with the same settings, disable IIS, spend (since I've already pulled all this other crap out of my butt, let's see if we can find a number also) 24 hours scanning for other vulnerable hosts, and then restart the machine? I think the only big challenge would be converting SSL settings, and maybe, ensuring the ASP files still work. Although, isn't there a module for using ASP under Apache now? Hmmm... Whatever...

S.

:)

amonotod

--
  `\|||/                     amonotod@
   (@ @)                     netscape.net
ooO_(_)_Ooo______________________________
_____|_____|_____|_____|_____|_____|_____|