[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Slightly OT: Worms: Exploit Plug-ins and Benevolent Worms



On Tue, 7 Aug 2001, Alon Altman wrote:

> On Mon, 6 Aug 2001, Shlomi Fish wrote:
> > What could be done to solve it, is to make the worm a benevolent one. I.e:
> > one that closes the exploits as soon as it infiltrated the computer. This
> > is still illegal according to the law, but it's probably the best solution
> > yet. The worm should also make the existence of the potential exploit
> > known to the administrator, so he can fix it.
> >
> > One could write an anti-Code-Red-II worm and put its source on USENET. He
> > should probably do it anonymously.
>
>   Writing such a worm (like writing any worm) is LEGAL. Running it on an
> Intranet you are in charge of is legal as well. Running it on the general
> internet is not.
>   Therefore, there is no reason to post it anonymously, as it's totally OK
> to do so (heck, you may even open a SourceForge project for it). It has a
> legitimate use as a tool for intranet admins
>
>  Alon
>

Hi Alon!

After my post I made 1+1=2 and realized that the following scheme may be
a highly useful thing (tm) for sys admins:

A benevolent worm written in perl that can have multiple plug-ins compiled
into it. The worm would be open-source and will generally be relatively
obfuscated, but in order to save bandwidth should be obfuscated by a
perl obfuscator. This worm will distribute itself to sites bounded by a
netmask or a group of netmasks, while closing vulnerable services and
adding notices on it on the site somehow.

Now, whenever a new exploit is found, someone writes a plug-in for that
worm that enables it to advance further and to close the offending
service. The reason I suggested perl is because:

1. Perl should not be compiled.
2. Perl is available on most systems.
3. Most exploits can be written in perl.
4. Perl can be better obfuscated than python, for example.

But I suppose writing it in C may also be possible.

Of course the downside, is that one will be able to use the plug-ins to
power a malevolent generic worm like that. So, there may be a situation of
a worm-war in the Internet.

Writing such a worm may be an intersting experience. It could be a good
idea for a Haifux' project assuming it is indeed perfectly legal to do it.

Regards,

	Shlomi Fish


> --
> This message was sent by Alon Altman (Psycho99@bigfoot.com) ICQ:1366540
> The RIGHT way to contact me is by e-mail. I am otherwise nonexistent :)
> --------------------------------------------------------------------------
> Gold's Law:
> 	If the shoe fits, it's ugly.
>



----------------------------------------------------------------------
Shlomi Fish        shlomif@t2.technion.ac.il
Home Page:         http://t2.technion.ac.il/~shlomif/
Home E-mail:       shlomif@techie.com

A more experienced programmer does not make less bugs. He just realizes
what went wrong more quickly.


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il