On Wed, 5 Sep 2001, Emre Yildirim wrote: > .MetsyS. wrote: > > > > > > 1. Code red machines are screaming YOU CAN OWN ME. > > 2. Passive infection reduces bandwidth. > > 3. Worm should be open source. > > 4. Worm should send a message to admin. > > 5. I would format and re-install my O/S anyway, seeings as anyone could > > have added more sneaky things to it. > > 6. The box can be owned by anyone and have anything done to it, personally > > i'd be thankfull if a worm came and stopped my info leaking onto the net. > > > > > Okay I may be wrong on this, but I read somewhere that the FBI is > actually trying to contact the owners of 6000 computers to inform them > that they have been infected. Wouldn't this kind of "good worm" screw > that up? And I can't believe after all this media hype and after all Yes. And it also messes up people who's PC's are setup to use things like Tivoli with addons that track whether a patch from an automated system was instlled correctly. If such things fail because a patch is already present then a false alarm may be triggered and the person may have to send the pc back to their company to have it examined so it won't be a security threat even though it has already been patched. > these advisories and discussions, that there are still some people out > there that aren't aware that their system is infected. But I'm sure it People who install Windows 2000 themselves and some computer vendors end up with IIS enabled by default on their machines and many have no knowledge of what a server is nevermind turnign it off or looking on technet for patches. You have to remember the vast majority of people using computers have no little knowledge of what is running on their system other than what they see on the task. I've been in the position of having to track these people down, and if you ask them, they will tell you "what webserver? How can my laptop be running a webserver I don't even know how to use one?" People aren't stupid they just don't know what they have or that they are infected. People who don't deal with installing their own software or are involved in configuring PCs often don't read articles on things like that, if they did things like SirCam would also have little of propogating. > will get better...even NT admins run windozeupdate from time to time, > which I heard patches the bug. Just my $0.02 :-D Windowsupdate unfortunately doesn't have all the security updates and therefore unless someone looks at technet they may miss an important patch. Awareness is the answer, unfortunately not everyone is aware of that :-P > > > > > -- > Emre Yildirim <emreat_private> > GPG KeyID 0xF9E4A1D1 (keyserver.pgp.com) > Regards, Stan -- Stan Bubrouski stanat_private 23 Westmoreland Road, Hingham, MA 02043 Cell: (617) 835-3284
This archive was generated by hypermail 2b30 : Wed Sep 05 2001 - 23:44:49 PDT