[Gllug] Code Red worm sleeps?

Wulf Forrester-Barker wulf.f-b at uhl.nhs.uk
Wed Aug 1 16:28:29 UTC 2001 

Richard <richard at vmlinuz.org> mused:

> I just had a thought - talking to a collegue here.  What would it take to
> write something which fit the following:
>
> Any machine from which an attack originates is unpatched and vunerable.
> How about a counter-virus which would utilise the known vunerability on the
> attacking machine to both wipe out the worm from that machine, and install
> the patch (or something smaller and simpler, maybe) such that the machine is
> then no longer vunerable?
>
> Purely a thought experiment, but still...

Didn't somebody do something like this a few months ago:

http://www.thestandard.com/article/0,1902,24600,00.html 

The problem with this is that it would then be open for somebody to take that as a shell and insert malicious code... so that all the sites that relied on it for protection would still get hit. Also, while undoing the damage at the other end, in order to spread, it would still have to proliferate itself around, thereby causing denial of service type damage.

As the article, quoting Slashdot, says:

 "Someone who posted a message on Slashdot conjured up images of an arms race among benevolent worms. Will a mouse worm devour the Cheese worm, then succumb to the cat worm, and so on up the food chain? Another Slashdotter tutted, 'It's a cute idea, really, but it has to stop.' "

Wulf




wulf.f-b at uhl.nhs.uk

**********************************************************************
DISCLAIMER:

Any opinions expressed in this email are those of the individual and
not necessarily the Trust. This email and any files transmitted with
it are confidential and intended solely for the use of the individual
or entity to whom they are addressed. Any unauthorised disclosure of
the information contained in this e-mail is strictly prohibited.

The contents of this email may contain software viruses which could
damage your own computer system. Whilst we have taken every
reasonable precaution to minimise this risk, we cannot accept liability
for any damage which you sustain as a result of software viruses.
You should therefore carry out your own virus checks before opening
the attachment.

If you have received this email in error please notify the sender or
postmaster at uhl.nhs.uk. Please then delete this email.

University Hospital Lewisham
Tel: 020 8333 3000
Web: www.uhl.ac.uk
**********************************************************************

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list