[Dshield] Re.: Shell-Autoresponder for Apache

Jochen Erwied jochen at erwied.de
Wed Nov 14 06:41:49 GMT 2001


On Tue, Nov 13, 2001 at 05:48:59PM -0500, Johannes B. Ullrich wrote:
 
>   Using this script may be considered illegal. I am not a lawyer, so 
> please contact yours if you are in doubt. I did allow it to the list as 
> this list is supposed to be as unfiltered as long as posts are not 
> redundant and security related. The script claims to pop up a dialog box 
> and display a warning message on Nimda-infected PCs. This message 
> identifies the writer of the script, which is another reason for me to 
> believe that there is no malicious intent in using this script.

Some points to take into account:

- The machine which gets the popup is already infected.
  So I think it's better to get a message box instead of some other
  malicious software.
- Most people do not seem to know anything about the infection.
- The script can be seen as an exploit. But I personally don't think it
  should be considered destructive.
- To put it in other words: If you leave the door open, don't wonder if
  you have unwanted visitors.

I already had two responses to this script; both were very surprised at
what happened.

-- 
Jochen Erwied     | home: jochen at erwied.de     +49-208-38800-18, FAX: -19
Sauerbruchstr. 17 | work: joe at mbs-software.de  +49-2151-7294-24, FAX: -50
D-45470 Muelheim  | this place is for rent. contact me for details!



