OT: RC Vaccine?

George Toft plug-discuss@lists.PLUG.phoenix.az.us
Wed, 08 Aug 2001 07:35:28 -0700


This would be called the Millennium Internet Worm, and I was infected
by it in April 1999.  It gains access through a vulnerability, FTPs
the source code to patch its three exploits, compiles and installs the
fixes, then spawns 20 copies of itself which begin port scanning 
everything it can find in an attempt to fix these vulnerabilities.

Neat concept, except my ISP took great exception to the all night
"attack against another user's firewall."  Good thing my wife knew
where I was that night ;)

Something like this generates as much traffic as what it is trying to
fix, and we all pay for bandwidth.

Finally, unauthorized access is illegal access regardless of the intent
or benefit.  

George


Thomas Mondoshawan Tate wrote:
> 
> Just had a crazy thought about all this RC mess. How about writing an
> anti-worm-worm (or vaccine) that uses the same infection method, but removes
> all copies of the RC and RCII worm from the system, notifies the system
> admin of each box it's run on and then kills itself after a specified date?
> You could then write a script on your apache system that logs the IP of the
> infected host, and then schedules an anti-infection-infection to be run later.
> Whaddya think? Good, bad, ugly? =op
> 
> -- Mondoshawan
> 
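
The logging half of the idea quoted above (recording the IP of each host that probes your Apache server) needs no access to the remote machine. The following is an added example, not code from either poster: it assumes "RC" means the Code Red worm, whose probes appear in access logs as requests for /default.ida followed by a long run of N (X for the second variant). The sample log lines, the documentation-range IP addresses and the 16-character padding threshold are constructed for illustration.

```python
import re

PAD = 32  # constructed padding length; real probes use a much longer run
# Constructed sample in Apache common log format (documentation IP ranges).
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [08/Aug/2001:03:12:44 -0700] "GET /default.ida?{"N" * PAD} HTTP/1.0" 404 276',
    f'198.51.100.7 - - [08/Aug/2001:03:15:02 -0700] "GET /default.ida?{"X" * PAD} HTTP/1.0" 404 276',
    f'192.0.2.10 - - [08/Aug/2001:04:40:19 -0700] "GET /default.ida?{"N" * PAD} HTTP/1.0" 404 276',
    '203.0.113.5 - - [08/Aug/2001:05:01:33 -0700] "GET /index.html HTTP/1.0" 200 1532',
    '203.0.113.9 - - [08/Aug/2001:05:02:10 -0700] "GET /default.ida HTTP/1.0" 404 270',
    'truncated or malformed line',
])

# host, identd, user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# /default.ida? followed by at least 16 repeats of the same pad character (assumed threshold)
PROBE_RE = re.compile(r'^/default\.ida\?([NX])\1{15,}')


def find_probes(log_text):
    """Return {ip: {first, last, count, variants}} for hosts that sent a probe."""
    hosts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ip, when, _method, path, _status = m.groups()
        probe = PROBE_RE.match(path)
        if not probe:
            continue  # ordinary request, or /default.ida without the padding
        rec = hosts.setdefault(
            ip, {"first": when, "last": when, "count": 0, "variants": set()})
        rec["last"] = when
        rec["count"] += 1
        rec["variants"].add(probe.group(1) + "-padded")
    return hosts


def report(hosts):
    """One line per probing host, busiest first, for mailing to an abuse contact."""
    rows = sorted(hosts.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [f'{ip} probes={r["count"]} first={r["first"]} last={r["last"]} '
            f'type={",".join(sorted(r["variants"]))}' for ip, r in rows]


if __name__ == "__main__":
    print("\n".join(report(find_probes(SAMPLE_LOG))))
```

The output is a list you can forward to the source network's administrator or your own ISP, which keeps the response on the reporting side of the line George draws.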