Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Jonathan Rickman (jonathanat_private)
Date: Wed Sep 05 2001 - 19:45:49 PDT


    Moderator: My webserver has logged CodeGreen hits, so I feel I have the
    right to respond to this admittedly wasted thread. If nothing else...please
    afford me the opportunity to speak to the world without resorting to strange GET
    requests in everyone's webserver logs.
    
    
    > Does anyone realize what a bad idea it is to release worms like this in
    > the first place, regardless of whether or not they mean well?
    
    Obviously not...
    
    195.224.242.248 - - [04/Sep/2001:19:00:30 -0400] "GET
    /default.ida?Code_Green_<I_like_the_colour-_-><AntiCo
    deRed-CodeRedIII-IDQ_Patcher>_V1.0_beta_written_by_'D
    er_HexXer'-Wuerzburg_Germany-_is_dedicated_to_my_sist
    erli_'Doro'.Save_Whale_and_visit_<www.buhaboard.de>_a
    nd_<www.buha-security.de>%u9090%u6858%ucbd3%u7801%u90
    90%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9
    090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u
    00=a HTTP/1.0" 404 1442 "-" "-"
    
    Logs deliberately not sanitized...
    
    Thanks but no thanks 195.224.242.248, I don't need any help securing this
    system. It is not now, nor was it ever, vulnerable to Code Red.
    
    > CodeGreen from my understanding does random scanning like Code Red and is
    
    Apparently so, as this is an Apache server...
    
    
    > 2) Traffic caused by Code Red brings down routers and
    > printers and it even can cause Cisco 2500 series routers (from experience,
    > costly ones) to run out of memory and cease functioning until a reboot.
    
    Can't confirm this, but I wouldn't be surprised to find similar problems with
    Code Green.
    
    > 3) It's illegal.  Just as Code Red gains unauthorized access to systems,
    > so does this worm.
    
    Not much doubt about that. The beauty is, we know who the author of this is. He
    claimed responsibility publicly.
    
    > 8) Go to hell.
    
    I was thinking the same thing...
    
    
    <TONGUE IN CHEEK>
    As far as I'm concerned, this is a "log defacement". It's bad enough having to
    parse through all the XXXXXXXXXX / NNNNNNNNN / AAAAAAAAAAA / VVVVVVVVVVVV
    entries without adding "_is_dedicated_to_my_sisterli_'Doro'.Save_Whale" to the
    list. What the hell is that all about anyway???
    </TONGUE IN CHEEK>
    
    -- 
    Jonathan Rickman
    X Corps Security
    http://www.xcorps.net
    



    This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 20:06:51 PDT
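
Added example, not part of the original message: a small Python triage of the default.ida entries the post complains about, grouping them by client and by either the Code_Green banner or the repeated padding letter in the query string. The sample log lines, addresses and function names are constructed for illustration, and the script assumes one log entry per line (the excerpt in the message is hard-wrapped).

```python
import re
from collections import Counter

# Apache access-log prefix: client, timestamp, method, URL, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Eight or more of one repeated letter at the start of the query string.
FILLER_RE = re.compile(r'^([A-Za-z])\1{7,}')

# Constructed sample entries (documentation addresses, shortened queries).
SAMPLE = [
    '192.0.2.10 - - [04/Sep/2001:19:00:30 -0400] "GET /default.ida?Code_Green_V1.0_beta=a HTTP/1.0" 404 1442 "-" "-"',
    '192.0.2.11 - - [04/Sep/2001:19:02:11 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN=a HTTP/1.0" 404 1442 "-" "-"',
    '192.0.2.11 - - [04/Sep/2001:19:05:42 -0400] "GET /default.ida?NNNNNNNNNNNNNNNN=a HTTP/1.0" 404 1442 "-" "-"',
    '192.0.2.12 - - [04/Sep/2001:19:07:03 -0400] "GET /default.ida?XXXXXXXXXXXXXXXX=a HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.13 - - [04/Sep/2001:19:09:15 -0400] "GET /index.html HTTP/1.0" 200 2048 "-" "-"',
]

def classify(url):
    """Label a default.ida probe; return None for any other request."""
    path, _, query = url.partition('?')
    if not path.lower().endswith('/default.ida'):
        return None
    if query.startswith('Code_Green'):
        return 'banner:Code_Green'
    m = FILLER_RE.match(query)
    if m:
        return 'filler:' + m.group(1)
    return 'other'

def triage(lines):
    """Count probes per (label, client); list probes not answered with a 4xx."""
    counts, answered = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log entry (or a wrapped fragment)
        client, _, _, url, status = m.groups()
        label = classify(url)
        if label is None:
            continue
        counts[(label, client)] += 1
        if not status.startswith('4'):
            answered.append((client, label, status))
    return counts, answered

if __name__ == "__main__":
    counts, answered = triage(SAMPLE)
    for (label, client), n in sorted(counts.items()):
        print(f"{n:3d}  {label:18s} {client}")
    print("answered (not 4xx):", answered)
```

A probe that appears in the "answered" list got something other than a 4xx from the server, which is the case worth checking by hand.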