Fantastic whitepaper on the rise
- Cory Doctorow
- Uncategorized
- Nov 28, 2001
Fantastic whitepaper on the rise and spread of worms, from the Morris Worm to Nimda.
All worms need to be considered highly malicious, even if they spread in a seemingly benign manner, as most worms signal that a machine is vulnerable to further attack through its attempts to spread. A good example of the way in which this can be exploited is illustrated at http://www.dasbistro.com/default.ida. This web page responds to a Code Red 2 probe (which tries to access default.ida with a string designed to cause an IIS buffer overflow) by scheduling a counterattack. The counterattack tries to use the Code Red 2 installed security hole and, if successful, disables IIS and resets the infected machine. It could have just as easily deleted all the files, installed Back Orifice, or performed any other malicious activity desired. A modified version could attack Code Red 1 infected machines by using the same buffer overflow exploit that Code Red used and similar scripts could respond to Nimda, Ramen, or other infections.