Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Stanley G. Bubrouski (stanat_private)
Date: Wed Sep 05 2001 - 17:44:13 PDT

Next message: Ryan Permeh: "Re: asm shellcode techniques (especially relevant for win32)"

Previous message: emerson.c.tanat_private: "Immune systems: some reading in the light of CodeGreen and CleanCR"
In reply to: Blue Boar: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: Blue Boar: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: Blue Boar: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: Jonathan Rickman: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: t. patrick o'hara: "RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: Michael R. Rudel: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Does anyone realize what a bad idea it is to release worms like this in
the first place, regardless of wheatehr or nto they mean well?

Think about it.

CodeGreen from my understanding does random scanning like Code Red and is
infecting machiens iwth another worm that degrades system performance and
causes traffic.  This isn't a cure it's a nightmare.  Why?

1) It causes traffic that can lead to serious bandwith consumption.

2) Traffic caused by Code Red brings down routers and
printers and it even can cause Cisco 2500 series routers (from experience,
costly ones) to run out of memory and cease functioning until a reboot.

3) It's illegal.  Just as Code Red gaims unauthorized access to systems,
so does this worm.

4) If patching fails the system is still going to be vulnerable and it
will be propagating itself to other systems that may not be patchable.

5) Machines infected with Code Red are often times unresponsive to HTTP
requests due to high memory and CPU of the Code Red infection so in many
cases not only will the CodeGreen worm not fix already infected machiens
it will most likely attempt to clean machines that are vulnerable but are
not spreading the worm, again causing more network traffic.

6) People who use Concur(A billing app used by millions of sales people on
the road in corporations all over the world) for example have IIS running
and are often times connected via dial-up to a VPN at a corporation, the
traffic generated by CodeGreen would most likely eat up all the bandwith
on their dial-up connection and cause mission critical data transmissions
to fail in the same way Code Red does.

7) Releasing untested code to the public who will surely unleash it into
the wild could lead to dataloss and other problems.

8) Go to hell.

Regards,

Stan

--
Stan Bubrouski                                       stanat_private
23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284

On Wed, 5 Sep 2001, Blue Boar wrote:

> > P.S. http://www.newsbytes.com/news/01/169707.html
> 
> And here:
> http://www.computing.vnunet.com/News/1125206
> (And this one even has a cute picture.  Sorry... we don't get into the
> news every day like Bugtraq does... thought people might be interested
> :) ).
>

Next message: Ryan Permeh: "Re: asm shellcode techniques (especially relevant for win32)"
Previous message: emerson.c.tanat_private: "Immune systems: some reading in the light of CodeGreen and CleanCR"
In reply to: Blue Boar: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Next in thread: Blue Boar: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: Blue Boar: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: Jonathan Rickman: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: t. patrick o'hara: "RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Reply: Michael R. Rudel: "Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 18:06:05 PDT