[Dshield] fighting back against CodeRed

Peter Street lazerfx at ntlworld.com
Mon Aug 6 20:30:10 GMT 2001

------ Quote
I'm proposing a program run on a series of machines that listen for
attempts, and when they receive them, neutralize the coderedII worm on the
attacking host via the backdoor, run a windows update, or run the patch for
this hole on the attacker, and then reboot the system to bring it back up
clean of the worm and protected
------ /Quote

I can appreciate this; however, perhaps it would be worthwhile to send them
a message?  Instead of actually backdooring the machine outright and running
code on it that could, potentially, screw up the machine (yes, I know the
possibility is very small, but there is always the chance), why don't we use
the backdoor to send a message to the user, something like 'You are
compromised by the CodeRedII virus, get the update from
windowsupdate.microsoft.com' or similar?

I'm sure this is possible using access to cmd.exe, and it appears this is
what the CR-II virus gives you.  I shudder to think what some malicious
hacker could do to those systems...

Peter Street / LazerFX
Creator [http://discworld.imaginary.com]
Web Developer - Freelance.
ASP, XML, XSLT, C++, Delphi, DB2, SQL
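The quoted proposal's first step is to "listen for attempts" before doing anything to the attacking host. The block below is an added example, not code from the original post or from anyone in this thread, of what such a listener would actually match when run over IIS W3C log lines. It assumes two things that are not stated on this page: that a Code Red infection attempt shows up as a GET for /default.ida with a long run of one filler byte in the query ('N' for the original Code Red, 'X' for Code Red II), and that the Code Red II backdoor the thread refers to is reachable as root.exe under /scripts or /MSADC. Both patterns, the log lines and the (documentation-range) IP addresses are constructed here for illustration. It deliberately stops at identifying attempts and attackers; it does not connect back to anyone's machine.

```python
"""Flag Code Red style probe attempts and backdoor use in IIS W3C log lines.

Added example for the DShield thread; not the original poster's code.
Assumptions (not stated on the page): infection attempts are GETs for
/default.ida whose query is a long run of 'N' (Code Red) or 'X' (Code Red II);
the Code Red II backdoor is served as /scripts/root.exe or /MSADC/root.exe.
"""
import re
from typing import Dict, List, Optional

# IIS W3C extended format with the fields we care about, one request per line:
#   date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<method>\S+) "
    r"(?P<stem>\S+) (?P<query>\S+) (?P<status>\d{3})$"
)
# Overflow filler: a long run of a single byte. 100 is an arbitrary threshold
# chosen so a hand-typed /default.ida?NNN request is not mistaken for the worm.
OVERFLOW_RE = re.compile(r"^(N{100,}|X{100,})")
# Assumed backdoor path left behind by Code Red II (cmd.exe copied to root.exe).
BACKDOOR_RE = re.compile(r"^/(scripts|msadc)/root\.exe$", re.IGNORECASE)

# Constructed sample log; the 'N'/'X' runs are generated rather than pasted.
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    f"2001-08-06 20:01:12 192.0.2.10 GET /default.ida {'N' * 224} 200",
    "2001-08-06 20:01:13 198.51.100.7 GET /index.html - 200",
    f"2001-08-06 20:02:44 203.0.113.5 GET /default.ida {'X' * 224} 404",
    "2001-08-06 20:03:01 198.51.100.7 GET /default.ida - 404",
    "2001-08-06 20:04:10 203.0.113.5 GET /scripts/root.exe /c+dir 200",
    f"2001-08-06 20:05:00 192.0.2.10 GET /default.ida {'X' * 224} 200",
])


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return a hit record for one log line, or None if it looks benign."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # malformed or unexpected field layout; skip rather than guess
    stem, query = m["stem"], m["query"]
    if stem.lower() == "/default.ida":
        o = OVERFLOW_RE.match(query)
        if o:
            variant = "CodeRed-I" if o.group(1)[0] == "N" else "CodeRed-II"
            return {"ip": m["ip"], "kind": "ida-overflow",
                    "variant": variant, "status": m["status"]}
        return None  # a bare request for default.ida is not the overflow
    if BACKDOOR_RE.match(stem):
        # Someone (the worm's author, or a third party) is using the backdoor.
        return {"ip": m["ip"], "kind": "backdoor-use",
                "variant": "CodeRed-II", "status": m["status"]}
    return None


def scan(log_text: str) -> List[Dict[str, str]]:
    """Run classify() over every non-comment line and collect the hits."""
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        hit = classify(line)
        if hit:
            hits.append(hit)
    return hits


def attackers(log_text: str) -> Dict[str, int]:
    """Hits per source IP: the 'attempts' list the quoted proposal would act on."""
    counts: Dict[str, int] = {}
    for h in scan(log_text):
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h)
    print(attackers(SAMPLE_LOG))
```

Note that a hit on status 404 still counts: the worm fires the request whether or not the target is vulnerable, so the log tells you who is infected and scanning, not whether the local box was compromised. Treat the source addresses as infected hosts to report (to DShield or the owning network), not as something to reach back into.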

