[Dshield] MSBlast.D a good worm?
adders at ask-adders.co.uk
Tue Aug 19 11:01:41 GMT 2003
I'll have to agree that this worm isn't as good as it seems. Yes it would
probably be nice to have a way to remotely clean machines, however this also
raises a number of security problems.
I tried browsing two of the computers that had this virus and were attempting
to disinfect my linux router. Both had windows filesharing running as I was
prompted to enter the username and password (i didn't go any further).
So yes one bug was closed, however I have now got a massive list of ip address
of machines that are likely to contain other bugs/flaws/etc. This could be
used to take control and run spam proxies etc.
This would of course be useful if I worked in a large company, as I would have
a list of all machines that need cleaning/disinfecting. However I've got no
access to these machines.
Just a few thoughts.
Quoting Rod Carty <rod at en-consult.ca>:
> From InternetWeek NewsBreak:
> Today's top story is a short but provocative article on yet another
> new worm making the rounds; this one is a so-called "good" worm,
> attempting to fix security problems on target systems. The worm,
> called Nachi or MSBlast.D, attempts to install Microsoft Windows
> updates to fix the security hole exploited by Blaster.
> Security experts have been speculating for a long, long time about
> the possibility of releasing "good" worms and viruses, designed to
> help infected systems rather than harm them; most often by installing
> security patches and upgrades. This year, we're starting to see these
> speculations become reality, both with today's Nachi/MSBlast.D worm,
> and with the earlier defense against the Fizzer virus.
> But is there any such thing as a "good" worm?
> In my opinion there is no such thing as a good worm. I wouldn't care
> if someone cleaned the dishes and vacuumed the floor after they broke
> into my house, it would still be breaking and entering as far as I'm
> concerned. Call me a control freak, but I don't even use the automatic
> update feature in Windows - I want to know when something has changed
> on my system so if something stops working I know where to go to start
> Rod C--
> Enterprise Network Consulting
> Whitehorse, Yukon
> >> Disclaimer: the above is the author's personal opinion and is not
> the opinion or policy of his employer or of the little green men that
> have been following him all day. <<
> The preceding humor inserted by QuipSig
> 4,000 quip repertory!
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list