Anti-Santy Worm Patches phpBB Flaw
sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.
Not very beneficial (Score:5, Informative)
Re:Not very beneficial (Score:5, Insightful)
What I see is a company saying we are first to report but we won't say anything that can be good for our "enemy". There is nothing difficult about testing its efficiency but it is not in their interest.
I am not saying this worm is good, but that if they wanted to verify it would be easy.
Re:I think everyone is missing a point here (Score:2)
What happens when someone releases a version of the worm with a rootkit attached? It'll fix the vulnerability, and then install its rootkit (which will then hide its traces).
ALL worms are evil, even the worms in sheep's clothing (ok, I'm mixing metaphors, but...)
Aren't... (Score:5, Funny)
Re:Aren't... (Score:2, Funny)
Re:Aren't... (Score:2)
hohoho (Score:2, Funny)
I can imagine explaining this... (Score:5, Funny)
Re:I can imagine explaining this... (Score:2)
Re:I can imagine explaining this... (Score:2, Funny)
White Worms (Score:3, Interesting)
Re:White Worms (Score:3, Interesting)
Re:White Worms (Score:5, Funny)
Re:White Worms (Score:5, Insightful)
Re:White Worms (Score:2)
Re:White Worms (Score:2)
Re:White Worms (Score:4, Insightful)
Re:White Worms (Score:4, Insightful)
If I have the choice between havoc caused by a patch and havoc caused by a hostile breakin into the system, I'll pick the havoc caused by the patch, that at least doesn't leave any hidden backdoors behind.
Re:White Worms (Score:2)
For home users this should be a non-issue. Just install the patch. Businesses need to be a little more careful.
Re:White Worms (Score:3, Insightful)
What kind of skewed vision of the world do you have that would allow you to make such a comment?
If a person is intelligent enough to patch their system, then they need not worry about the worm, as they will have patched their systems against it! Those not intelligent enough to patch their systems will get infected, and then have their system patched; it's win-win.
It is a similar concept to those bar code scanners we have at work: The letters of t
Re:White Worms (Score:2)
Pretty much any organization of a decent size is going to have a production environment, and a pre-production testing environment. Pretty much all of these organizations are going to have checklists to make ANY changes to the production environment -- one of which is usually an installation/test period in the pre-production environment.
Let's say there's a worm out there that can infect a system in the production environment. Let's say there's a
Re:White Worms (Score:2)
If someone's car stalls out on a travel lane of a highway and they just leave it to go home and think about what to do, the police will have it towed, to protect public safety. If the driver returns to f
Re:White Worms (Score:3, Interesting)
Re:White Worms (Score:5, Insightful)
Of course, such machines aren't the ones likely to intersect common worm spread vectors...
Re:White Worms (Score:2)
It is perfectly possible a vulnerability was left alone by the operator because the patch would have rendered the system unusable and that security measures external to the vulnerable system render the vulnerability moot.
No, it is not, since the patch-worm uses the same vulnerability the bad-worm exploits. So if the good worm can get in, the bad worm can do this as well.
Re:White Worms (Score:2, Funny)
It is routine security practice to test
Re:White Worms (Score:2)
You miss the point. If I have a system with a vulnerability on the network that is protected by an external layer of security (e.g. a firewall or gateway that blocks access to the vulnerable service) then the machine is effectively as invulnerable as if it had been patched (with respect to traffic from outside that gateway). Example: my httpd may have a security flaw, but if I have blocked port 80 at the firewall, then no request will ever be able to exploit it.
But if port 80 is blocked, the good w
Re:White Worms (Score:2)
Re:White Worms (Score:2, Funny)
Re:White Worms (Score:2, Funny)
http://slashdot.org/comments.pl?sid=134480&cid=
Re:White Worms (Score:5, Interesting)
"If a site is infected, the worm causes a huge amount of traffic and slows down the site. I don't think it's possible to write a beneficial worm."
Conundrum (Score:2, Interesting)
Holes they use should never be left unpatched, even if the worm's patches are not applied.
Consider: If there was a benign strain of HIV out there that immunized you to Herpes upon infection, would you give up condoms?
Re:White Worms (Score:2)
Not that there's anything wrong with that....
Re:White Worms (Score:2, Insightful)
Re:White Worms (Score:2, Funny)
If, somehow, you get infected by a worm, or maybe Juiblex, remember to use a unicorn horn immediately, or eat some euc
Re:White Worms (Score:2)
Re:White Worms (Score:5, Insightful)
I disagree.
I very nearly wrote an anti-code-blue worm a few years back, and got to the point of payload (patch) deployment when the glaring flaw came to me: any time that you or a program that you made does something unexpected, or makes a connection to another machine, YOU are liable for what happens. Given that heterogeneous computers and networks exist, can you test for 100% of all possible cases? Likely not.
It's not so much that I disagree with the sentiment, you see, but I find it impossible to ever run into the case that a white worm is done correctly and can be certified as such. In the example above, for instance, all that an attacker would have to do would be to infect a netblock with Code Blue, point them at my anti-blue worm launcher, and then watch the fun as I "cause" a DDOS with all the network traffic that will go spewing back and forth between the two sites. The attacker has now been able to affect the Availability of two sites in one go. Not exactly something that I'd like my name attached to, hence the reason that no anti-code-blue-worms have been released into the wild from me.
a poetic response... (Score:2)
Realistically though, white worms are the kudzu of computer science.
MY CAT HAS WHITE WORMS (Score:2)
Re:Well, in that case... (Score:5, Funny)
Sure, and thanks! I appreciate it. My ip is 127.0.0.1. Let me know if you find anything worth patching!
Re:Well, in that case... (Score:5, Funny)
Re:Well, in that case... (Score:2)
This is one of those cases where "Redundant" is valid for the first such post in a thread.
Incidentally, the parent is old, too, but it's slightly more funny and relevant.
Re:White Worms (Score:3, Funny)
Re:White Worms (Score:2, Insightful)
I think worms that go around closing the security holes that let them in are a Good Thing and it's about time they started appearing.
Re:White Worms (Score:2)
Of course given that you haven't even tried SP2 yet then you're obviously not a qualified admin (leastways not for windows) because you have no idea of whether it causes problems for your system or not.
Re:White Worms (Score:2)
For users that know what they are doing, I would agree with that sentiment. But for all the consoomers out there who don't know how to install updates, I think a white worm can be a good thing.
There are many users (especially on dialup) who don't want to deal with the hassle or have the updates bogging down their internet connection (w
Re:White Worms (Score:2)
The bottom line is that these things need to happen to keep us all running well. If the p
Re:White Worms (Score:2)
Concealed ends? (Score:4, Insightful)
Re:Concealed ends? (Score:2)
Re:Concealed ends? (Score:4, Funny)
Even better, if it managed to infect MS source then Windows would become GPL!!
In my mind (Score:2)
Choice, the problem is choice.
Re:In my mind (Score:2)
Re:Concealed ends? (Score:2, Informative)
I am wholeheartedly against "benevolent worms".
Satisfaction Guarantee? (Score:2, Interesting)
Wasn't there a Welchia worm that cleaned up Blaster, and once the path was clear, it just gave you another virus?
A bit uneasy... (Score:2, Interesting)
Re:A bit uneasy... (Score:3, Insightful)
Here's my take on these types of worms:
I have evidence which leads me to strongly believe that your kitchen faucet is leaking, badly. This will no doubt cause flooding and damage. Instead of warning you about it, I (a random citizen) will now fix this problem for you.
Of course, since I don't know your home, I may break something unrelated to your current problem. But don't wor
Still illegal (Score:4, Insightful)
Re:Still illegal (Score:2)
Is it just? The cop thought so.
Is it ethical or legal? Nope.
Is it safe? Uh-uh.
Did he save lives? Very possibly.
The cop can sleep at night and the 'bad guy' doesn't commit any more crimes. Society is served... assuming the cop was right
Re:Still illegal (Score:4, Insightful)
Note: My reply is entirely US-centric.
Although both your examples in the quoted passage are examples of the system screwing up, not vigilantes screwing up, I think I do recognize the tone you're trying to take -- that vigilantes can make errors. I interpret your message as carrying an underlying tone that this is a reason to avoid citizen level responses. You weren't explicit about this, so feel free to correct me if I got it wrong. Proceeding on that assumption, though:
That, and more, can be said for the formal justice system as well. The only difference is that the mistakes are made by someone who represents "duly constituted authority and power", rather than someone who took authority and power for themselves.
Look at the facts. Judges and juries put innocents behind bars on a regular basis. (Witness the recent DNA exoneration of those folks on death row and the subsequent removal of all prisoners from death row by the governor, a man who I frankly consider a hero for this action.) Citizens' supposedly inviolate rights are trampled, and hard, by the courts. Every day. Guantanamo. Registration. Double jeopardy. Freedom of speech. Freedom from unreasonable search. Restrictions on travel. Government support of religion. Etc., ad nauseam. Reparations for errors in prosecution and punishment are minimal or non-existent, and of course for capital punishment, impossible. "Mommy" laws that should never become law are inflicted on us left and right, and at times with terrible social and personal consequences (drug laws are the poster child for this one, though they are hardly isolated in either "mommyness" or inherently being agents of harm.)
The fact is, you should not trust the system to "do right." It hasn't, doesn't, and will not. The evidence is right there before your face each and every day. So the issue of citizen response naturally arises because of pressure from the system.
Turning to our network experience, consider spam. I don't know about you, but spam has cost me a lot of hours. Not just on my desk, but interfering with my business (asswipes using our domain names as return addresses for spam is one way, there are others.) What has the government done about it? Not a #$%^#$%^ thing in practical terms. In fact, with the CAN-SPAM act, they basically climbed right in bed with the spammers. Should I sit there like a turnip and not respond when the spammers screw with my life? The government isn't addressing the problem, so what is the correct course of action? Bending over?
Consider software piracy and shrink wrap licensing and software patents. At the legislative level, these issues have been well and truly fumbled, though that surely under-describes the problem. Should I sit there like a turnip and not respond when the pirates steal my software? The government isn't addressing this problem either, so again, what is the correct course of action? Still bending over?
Viruses and worms -- again, we're supposed to bend over and take it without lube or even a reach-around, right? Because... well, why? Why should we? Why? Most people have been doing just that, and what do we have to show for it? I'll tell you -- we have a bumper crop of viruses and worms, that's what we have.
It all comes down to one thing: If you trust and wait for the duly-constituted authorities to "do what is right" then you are simply naive. They're almost certainly not going to. They rarely do.
It turns out that the correct course of action becomes very clear when you think about the important things in your life, and what is actually best for society.
For instance, i
Re:Still illegal (Score:2)
Which raises the question:
Should the law change?
If the anti-Santy worm... (Score:5, Funny)
Nice, but at what cost? (Score:4, Insightful)
Re:Nice, but at what cost? (Score:2)
Re:Nice, but at what cost? (Score:2)
Security update? (Score:5, Insightful)
Re:Security update? (Score:5, Insightful)
Re:Security update? (Score:2)
Good Worms, Bad Worms (Score:4, Funny)
Re:Good Worms, Bad Worms (Score:2)
Personally, I'd rather keep my buying habits to myself and deal with random spam. Better yet, I'd rather not deal with spam at all.
Re:Good Worms, Bad Worms (Score:2)
Re:Good Worms, Bad Worms (Score:2)
Anti-IE worm... (Score:5, Interesting)
Re:Anti-IE worm... (Score:2)
Re:Anti-IE worm... (Score:2)
No such thing as a white worm (Score:5, Interesting)
Re:No such thing as a white worm (Score:2)
Re:No such thing as a white worm (Score:3, Insightful)
This sounds really great in theory. Unfortunately, I know too many people who politely explained to someone that they had a security problem, just to have an embarrassed admin turn around and claim that the person pointing it out must be a hacker breaking into the system.
I even know a case where a person explained that the password on windows 95
Re:No such thing as a white worm (Score:2)
Re:No such thing as a white worm (Score:2)
But the way I see it your site only gets infected by this worm if you are running an old version of php (less than php-4.3.10). The best way for an admin to deal with the traffic is just patch your system in the first place.
No vulnerability.
No worm.
No increased traffic.
The time to patch your servers was tw
What? That doesn't exist! (Score:5, Funny)
Fiorello: "Ha-ha-ha-ha-ha. You can't fool me...there ain't no Sanity Clause."
Survival of the fittest (Score:4, Interesting)
Perhaps the next phase will be a virus or worm that follows genetic theory. The genetic features that would have to be modelled would be:
1) it is considered beneficial
2) it can reproduce
3) it can mutate
The successful entities would then survive, and the unsuccessful mutations would die out. Survival of the fittest?
which brings up another question... (Score:4, Interesting)
Re:which brings up another question... (Score:2, Informative)
Nice thought but... (Score:2, Informative)
Below are 2 sites that as of this posting have:
viewtopic.php secured by Anti-Santy-Worm V4
Your site is a bit safer, but upgrade to >= 2.0.11 !!
Upgrsrv:201.255.84.219/
http://www.ifotografi.it/secure.php/ [ifotografi.it]
htt [moto-portal.pl]
The Code (Score:5, Informative)
This is the code of the worm extracted from a vulnerable box.
# asw: anti santy worm
# this worm will try to fix any viewtopic.php on local box
# will use this box for 1 day to search other buggy phpBB forums, and end.
etc...
Patching not possible... or not always... (Score:2, Interesting)
I wish to know more details about how the Anti-Santy patch is done. Any URL?
A self-spreading worm is always dangerous; another approach, doubtfully legal but more polite, is the strike back philosophy. If someone attacks you then strike back and patch them (and install other strike back worm). With this technique the infection cou
I think you wanted to say patching is OK .. (Score:2)
A "worm" however, does not restrict itself to systems that attacked you. So it is a bad idea to use. Also, the attacking worm usually causes high load at the infected end, not the attacked end, at least one instance of the worm. So the argument about damage done might not hold here.
Re:Patching not possible... or not always... (Score:2)
got it. thanks.
Re:Patching not possible... or not always... (Score:2)
I never mentioned the merits of php/perl only that there are weenies who take the whole thing too seriously
Done before? (Score:2)
Good Worms Bad Worms. When can we QOS these things (Score:4, Interesting)
I need a router/switch/filter that recognises worm/virus traffic for what it is and sets QOS down (or out) on such traffic. Better yet, I want my internet provider to have one. So the neighbor next door's got twelve sessions of Butt Trumpet running on his PC and more broadband in Mbps than he has brain cells to rub together, doesn't mean the pipes I use outta here need to be affected.
Niceties would be an ability to recognise interactive traffic and flag it for regular service. Not an original idea, by the by, was first mentioned in sf by John Brunner some years back.
Another project I will never get round to.
This is the end of the rant. We now return you to your regularly scheduled
Re:Good Worms Bad Worms. When can we QOS these thi (Score:2)
Try searching google for "Intrusion detection system [google.com]" for some of what you might be referring to.
Reasonable force (Score:2, Insightful)
"I was just taking reasonable steps to protect my property from the attacks of others"
Re:Reasonable force (Score:2)
And thus one more step is in place for Bush to be compared to the Nazis.
Doh! I just violated Godwin's Law! And my own!
Call Me Crazy... (Score:2)
--Tso
This will block both black and white worms (Score:2)
Re:White Knight Viruses/Worms? (Score:3, Informative)
IIRC, this caused as much damage as a normal worm. It crashed systems, destroyed windows installations, etc. etc.
Re:White Knight Viruses/Worms? (Score:2)
Creeper and Reaper (Score:2, Interesting)
In the 1970s [google.com], Creeper was the first Internet worm, which spread among computers running the Tenex OS. Reaper, the second Internet worm, was sent to destroy copies of Creeper.