This would be called the Millennium Internet Worm, and I was infected by it in April 1999. It gains access through a vulnerability, FTP's the source code to patch its three exploits, compiles and installs the fixes, then spawns 20 copies of itself which begin port scanning everything it can find in an attempt to fix these vulnerabilities. Neat concept, except my ISP took great exception to the all night "attack against another user's firewall." Good thing my wife knew where I was that night ;) Something like this generates as much traffic as what it is trying to fix, and we all pay for bandwidth. Finally, unauthorized access is illegal access regardless of the intent or benefit. George Thomas Mondoshawan Tate wrote: > > Just had a crazy thought about all this RC mess. How about writing an > anti-worm-worm (or vaccine) that uses the same infection method, but removes > all copies of the RC and RCII worm from the system, notifies the system > admin of each box it's run on and then kills itself after a specified date? > You could then write a script on your apache system that logs the IP of the > infected host, and then schedules an anti-infection-infection to be run later. > Whaddya think? Good, bad, ugly? =op > > -- Mondoshawan > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature