[ale] [OT] Good worm by Microsoft
Jonathan Rickman
jonathan at xcorps.net
Mon Aug 18 20:46:04 EDT 2003
On Monday 18 August 2003 19:00, Debrihmi wrote:
> "The new worm scours the Internet for computers already infected with
> Blaster and deletes the "bad" worm, according to two anti-virus software
> vendors. The worm then fixes the computers with one of eight software
> patches developed by Microsoft Corp, and it uses infected computers as a
> base for searching the Internet for other vulnerable systems."
I'll recycle an earlier rant and mark this OT for future replies...
Let's see...
Does it magically boot the system off known good media to check for
rootkits/backdoors/trojans/[insert favorite evil here]???
No.
Does it magically monitor the traffic to and from the machine for a
reasonable period of time to ensure that nothing is amiss???
No.
Does it reinstall the host OS from the original media and restore the last
known good backup???
No.
So...what does it do?
It patches the hole and wipes out the worm if present, then deletes itself
in 2004. Great...except, MSBlaster wasn't the only thing that took
advantage of the RPC/DCOM exploit. Oops. Now the system administrator has
no cause to take any of the above steps because from his view, sitting in
his office running the latest eEye scanner, the machine was never
vulnerable.
When will folks figure out that these so called "good worms" are not a good
thing? The failure of the author to take note of such fundamental flaws in
his or her logic suggests that they have no business doing anything, much
less volunteering to correct the world's problems. Of course, this could be
a deliberate cover-up...but somehow I think it's just another security
cowboy trying to save the world.
There are no good worms.
--
Jonathan Rickman
X Corps Security
http://www.xcorps.net
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list