Forgive me my seeming ignorance but isn't the concept behind the code green to only have it sent to confirmed infected systems? Also, if you can determine (through whatever means) a box hitting your network is infected, why not simply send the file/code to fix the problem to whomever owns the box (not always easy to find). This accomplishes two things - 1) it gets the file to the infected site and 2) you are not guilty of [essentially] doing the same thing as the original malicious code. If any code came through my site and executed (first I would question my site security) I would ID that file as a virus/worm (I think that's the original definition, isn't it???). Instead of taking your valuable time to write a code to fix the problem, why not 1) take the box off-line, 2) bounce the box (dumps the worm out of the cache), 3) INSTALL THE F#$%ING PATCH, and 4) restart the box. As for the script-kiddies. That's akin to thanking a burglar for breaking into your home, showing you that your locks are weak - how's that for logic??? <shrug> my .02 worth...
This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 13:18:54 PDT