[OT] interet worm W32/Blaster

[Dismas]

To bring it back on topic slightly.

We haven't been infected, but we spent about 1 x techie day checking every single machine in the office.

 

[Tsyr]

Simply put, I agree with the person who said that writing virii as a hobby is moronic. I do not care if you do it, but when you admit that you make virii for fun, you should expect to have some people question the value of how you spend your time, and possibly even your personal ethics. I have the capability to write virii, but choose to do worthwhile things with my time.

I have the capability to read a textbook and learn something, but I read a novel to amuse myself.

I have the capability to cook food in a soup kitchen, but instead I spend three hours making a meal for myself.

I salute you for being so noble with your time, not using your ability to do something for your own amusement.

And surely you can understand why I would take offense at having my ethics called into question for having a hobby that in no way effects anyone else.

 

[WizarDru]

Simply put, I agree with the person who said that writing virii as a hobby is moronic. I do not care if you do it, but when you admit that you make virii for fun, you should expect to have some people question the value of how you spend your time, and possibly even your personal ethics. I have the capability to write virii, but choose to do worthwhile things with my time.

It's not something I'd do with my extremely limited spare time, but consider this:

At least a dozen times a year, someone discovers an exploit in a major piece of mission critical software, and reports it. You probably don't remember what it used to be like, back in the 80s, for tech support. Companies like MS, IBM and Lotus would refuse to admit to bugs or program loopholes that allowed major code violations. If Drawmack looks for ways to break the system and then reports it...he could be stopping someone from doing the same to others. Whole groups are dedicated to this kind of error-checking craft. Visit NTBUGTraq, for example. These folks have Microsoft's ear, as they provide a valuable service of identifying major bugs and exploits before even the average IT person ever hears of them. People like this make such vulnerabilities common knowledge, and get the fixes out for them early. They work WITH MS to wait until they've examined the problem and fixed it to make knowledge of the exploit public.

Take a good look at the majority of viruses 'in the wild'. Most of them are variations of other people's code. It's rare that an actual innovation occurs. Most virii are evolutionary steps. Blaster-a takes advantage of a previously identified exploit. Look at the history of public virii, though, and you'll find that many of them were released to draw attention to security holes in OSes and other....but their method was ethically wrong and stupid.

I'm not defending people like the jackasses behind the various malware that's out there...but ethical hacking has it's place as both hobby, intellectual exercise and public service. Telling Tsyr that he's both wasting his time and is ethically wrong for writing virii that he never releases into the wild is just plain rude, frankly. Especially considering where you're making the assertion, it seems rather silly.

 

[Maraxle]

*DELETED*

Not worth saying.

 

[Psionicist]

It's not something I'd do with my extremely limited spare time, but consider this:

At least a dozen times a year, someone discovers an exploit in a major piece of mission critical software, and reports it. You probably don't remember what it used to be like, back in the 80s, for tech support. Companies like MS, IBM and Lotus would refuse to admit to bugs or program loopholes that allowed major code violations. If Drawmack looks for ways to break the system and then reports it...he could be stopping someone from doing the same to others. Whole groups are dedicated to this kind of error-checking craft. Visit NTBUGTraq, for example. These folks have Microsoft's ear, as they provide a valuable service of identifying major bugs and exploits before even the average IT person ever hears of them. People like this make such vulnerabilities common knowledge, and get the fixes out for them early. They work WITH MS to wait until they've examined the problem and fixed it to make knowledge of the exploit public.

Take a good look at the majority of viruses 'in the wild'. Most of them are variations of other people's code. It's rare that an actual innovation occurs. Most virii are evolutionary steps. Blaster-a takes advantage of a previously identified exploit. Look at the history of public virii, though, and you'll find that many of them were released to draw attention to security holes in OSes and other....but their method was ethically wrong and stupid.

I'm not defending people like the jackasses behind the various malware that's out there...but ethical hacking has it's place as both hobby, intellectual exercise and public service. Telling Tsyr that he's both wasting his time and is ethically wrong for writing virii that he never releases into the wild is just plain rude, frankly. Especially considering where you're making the assertion, it seems rather silly.

You are writing about security experts. Those who are actually smart enough to find exploitable programs and code a patch for them.

I am well capable of writing virii. But I don't. Rather I write useful programs other will enjoy, not only the program itself but the code.

Those who write malicious programs to abuse these exploits rather than fix them, or in any way writes malicious code rather than coding useful programs, or those who code virii just because that’s the only thing they can do (or because they think they are smart if they brag about it on public message boards), are in my humble opinion nothing more than worthless idiots.

 

[Tsyr]

You are writing about security experts. Those who are actually smart enough to find exploitable programs and code a patch for them.

I am well capable of writing virii. But I don't. Rather I write useful programs other will enjoy, not only the program itself but the code.

Those who write malicious programs to abuse these exploits rather than fix them, or in any way writes malicious code rather than coding useful programs, or those who code virii just because that’s the only thing they can do (or because they think they are smart if they brag about it on public message boards), are in my humble opinion nothing more than worthless idiots.

Yay. I've been called a not-smart-enough, worthless idiot by Psionicist.

Also, I'm going to call into question the term "malicious code"... By my definition, what I wrote is not malicious, since it caused no harm, nor will it ever. To me, it's a game, nothing more.

 

[Ranger REG]

Sounds like I better not log onto the internet on Saturday.

I swear that Microsoft offered a critical update back in July, because my PC notified me of new updates about certain security flaws, so I donwloaded them and installed them. Please tell me that I did the right thing to protect me from this Blaster worm?

 

[Drawmack]

Some code is art - code that does something useful or fun. Not code that keeps me in the office on the weekends and does thousands of dollars of damage to a business because some script kiddie decided to try to prove how 133t they are.

First of all my code doesn't keep you in the office.

Second of all well written code is always art

Third of all calling someone's hobby moronic is moronic, my appologies to those who consider inulting another's hobby their hobby.

 

[Drawmack]

You are writing about security experts. Those who are actually smart enough to find exploitable programs and code a patch for them.

And what would you call someone who rewrote the disk reading and writting algorithms of linux to fix a serurity hole that one of their viruses found and then released that code into the open source project. I gues I am just an unethical twit. And I'll tell Dr. Whatt that he's not allowed to teach securities anymore and he should disband that organization he helped set up you may have heard of them the NSA, because after all if I one of his students is an unethical twit then they all must be.

I am well capable of writing virii. But I don't. Rather I write useful programs other will enjoy, not only the program itself but the code.

Have you seen the code for blaster? It's given me some wonderful ideas on writting tracking programs for my own network.

Those who write malicious programs to abuse these exploits rather than fix them, or in any way writes malicious code rather than coding useful programs, or those who code virii just because that?s the only thing they can do (or because they think they are smart if they brag about it on public message boards), are in my humble opinion nothing more than worthless idiots. [/B]

1) If viri were the only thing I could write I doubt I would have a degree in computer sciences.

2) I didn't brag about it, I corrected Henry for coming down on authors and pointed out why it was incorrect. It was pertinent to the conversation so I said it rather then hiding in a corner.

3) Do me a favor next time a security patch is released due to one of my programs don't install it.

I would say that I study the computer and from the data find what I think may be a whole. I then write a program to see if that whole really exists. If that whole is proven to exist I inform the appropriate people and give my virus to the scanner people. Now tell me - what is unethical, immoral, unhelpful, stupid or any of the other derogatory bits that have been thrown around about that? Maybe what I should be doing is finding the stuff not reporting it writting my own fixes and selling them to morons like you for a couple grand a piece instead of letting the vendors write their own and give them away, that would be more ethical would it not?

 

[Drawmack]

Sounds like I better not log onto the internet on Saturday.

I swear that Microsoft offered a critical update back in July, because my PC notified me of new updates about certain security flaws, so I donwloaded them and installed them. Please tell me that I did the right thing to protect me from this Blaster worm?

First of all you only need to worry if you're on nt or xp other windows are not volnerable. Second check windowsupdate.microsoft.com again to be sure you're up to date and you'll be okay. Additionally I am attaching the cleaner that norton put out for this virus which is freeware and therefor legally distributed in this manor.