[Dshield] MSBlast.D a good worm?

Adders adders at ask-adders.co.uk
Tue Aug 19 11:01:41 GMT 2003


I'll have to agree that this worm isn't as good as it seems.  Yes, it would 
probably be nice to have a way to remotely clean machines; however, this also 
raises a number of security problems.

I tried browsing two of the computers that had this virus and were attempting 
to disinfect my Linux router.  Both had Windows file sharing running, as I was 
prompted to enter the username and password (I didn't go any further).

So yes, one bug was closed; however, I have now got a massive list of IP addresses 
of machines that are likely to contain other bugs/flaws/etc.  This could be 
used to take control and run spam proxies etc.

This would of course be useful if I worked in a large company, as I would have 
a list of all machines that need cleaning/disinfecting.  However I've got no 
access to these machines.

Just a few thoughts.

Adam

Quoting Rod Carty <rod at en-consult.ca>:

>  From InternetWeek NewsBreak:
> ----------
> Today's top story is a short but provocative article on yet another
> new worm making the rounds; this one is a so-called "good" worm,
> attempting to fix security problems on target systems. The worm,
> called Nachi or MSBlast.D, attempts to install Microsoft Windows
> updates to fix the security hole exploited by Blaster.
> 
> Security experts have been speculating for a long, long time about
> the possibility of releasing "good" worms and viruses, designed to
> help infected systems rather than harm them; most often by installing
> security patches and upgrades. This year, we're starting to see these
> speculations become reality, both with today's Nachi/MSBlast.D worm,
> and with the earlier defense against the Fizzer virus.
> 
> But is there any such thing as a "good" worm?
> -----------
> In my opinion there is no such thing as a good worm. I wouldn't care
> if someone cleaned the dishes and vacuumed the floor after they broke
> into my house, it would still be breaking and entering as far as I'm
> concerned. Call me a control freak, but I don't even use the automatic
> update feature in Windows - I want to know when something has changed
> on my system so if something stops working I know where to go to start
> troubleshooting.
> --
> Rod C--
> Enterprise Network Consulting
> Whitehorse, Yukon
> http://www.en-consult.ca/
> 
>  >> Disclaimer: the above is the author's personal opinion and is not
> the opinion or policy of his employer or of the little green men that
> have been following him all day. <<
> The preceding humor inserted by QuipSig
> http://www.en-consult.ca/quipsig/
> 4,000 quip repertory!