[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Slightly OT: Worms: Exploit Plug-ins and Benevolent Worms



On Tue, Aug 07, 2001, Shlomi Fish wrote about "Re: Slightly OT: Worms: Exploit Plug-ins and Benevolent Worms":
> service. The reason I suggested perl is because:
> 
> 1. Perl should not be compiled.
> 2. Perl is available on most systems.
> 3. Most exploits can be written in perl.
> 4. Perl can be better obfuscated than python, for example.

But Perl is not available on 95% of the systems that the current Code Red II
worm "caters" to... Obviously you can download perl into every system you
penetrate, but that extremely slow and error-prone.

> Of course the downside, is that one will be able to use the plug-ins to
> power a malevolent generic worm like that. So, there may be a situation of
> a worm-war in the Internet.

That's why "hubris" (see my previous post) had signed plug-ins, with the
private key needed to sign them never published anywhere.
Of course, signing modules also has its downsides: it can be proved that a
person caught with the private key was the one who wrote the modules.

> Writing such a worm may be an intersting experience. It could be a good
> idea for a Haifux' project assuming it is indeed perfectly legal to do it.

It is probably not. I am not a lawyer, but I'd think that to prove a crime
you need to demonstrate intent and illegal action. In this case you have both:
you *intend* for the worm to "escape" out to the wild (this list's archives
shows that), and if the worm does escape and do damage, you also have the
illegal action.

-- 
Nadav Har'El                        |         Tuesday, Aug  7 2001, 18 Av 5761
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |Communism is the equal distribution of
http://nadav.harel.org.il           |poverty.

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il