Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

245 comments

Not very benificial (5, Informative)

lightdarkness (791960) | more than 9 years ago | (#11228159)

Is reporting [f-secure.com] that they don't know if the worm actually patches it sucessfully. For all we know, it could be infecting the System. When searching [msn.com] , only 3 results came up.

Re:Not very benificial (-1, Offtopic)

RikRat (834490) | more than 9 years ago | (#11228180)

WTF? You are using MSN search insted of Google? Shame!

Re:Not very benificial (1, Interesting)

lightdarkness (791960) | more than 9 years ago | (#11228225)

MSN's index updates quicker.

Google wouldn't show as many results. I am a google junkie, but MSN previals in this aspect.

Westerner : Likely Author of Anti-Worm (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11228509)

The person who created the Anti-Worm worm is likely a Westerner. The person who created the actual worm is likely a non-Westerner [phrusa.org] .

This kind of benevolence in the West is common. Below is a list of countries who have pledged money to help the tsunami's victims in Southern Asia.

1. USA $40 million
2. Japan $30 million
3. Australia $7 million
4. China $0.00

'Nuff said.

Re:Westerner : Likely Author of Anti-Worm (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11228535)

The UK has pledged almost $100 million.

Re:Westerner : Likely Author of Anti-Worm (0, Offtopic)

lightdarkness (791960) | more than 9 years ago | (#11228558)

Canada said they would match what canadians donated plus 40 million.

But... it is Canadian money ;-)

Aren't... (5, Funny)

Anonymous Coward | more than 9 years ago | (#11228170)

worms that remove/kill the MS OS is the same as a security patch?

Re:Aren't... (1, Funny)

Anonymous Coward | more than 9 years ago | (#11228337)

hummmm. I guess that would make my Linux admin a worm?

Re:Aren't... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11228406)

OMG LOL a MS joke on Slashfag!!11~! ROLF!`~!!!! 8=====D~~~~~~~~ O: <-- average slashdotter

OMG (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11228596)

a MS fagboy defending the horrible security inherent in MS WinXP and IE!! The very least you could do is post under your real name, Mr. Gates.

Re:Aren't... (2, Funny)

adlaiff6 (810221) | more than 9 years ago | (#11228584)

Only if they install linux...otherwise, it's just a blessing.

hohoho (2, Funny)

Anonymous Coward | more than 9 years ago | (#11228171)

Ho-ho-holes

I can imagine explaining this... (5, Funny)

Chemisor (97276) | more than 9 years ago | (#11228172)

"You see Mom, there are Good worms and there are Bad worms"

Re:I can imagine explaining this... (1)

RPI Geek (640282) | more than 9 years ago | (#11228407)

Wow! I just had to do that exact thing! She's in the room with me, and when I mentioned the story she thought that "patching" meant something bad. So I needed to explain what it really meant :P

White Worms (3, Interesting)

ErichTheWebGuy (745925) | more than 9 years ago | (#11228175)

I feel that white worms, when done correctly, are a good thing. This is a case where the ends justify the means, even if it does mean comprimising vulnerable systems.

Re:White Worms (2, Interesting)

savagedome (742194) | more than 9 years ago | (#11228197)

White worms? Ha! I prefer to call them Earthworms since they belong to both sides!

Re:White Worms (4, Funny)

Texodore (56174) | more than 9 years ago | (#11228199)

I have a white worm the updates my system. It pops with the name "Automatic Updates."

Re:White Worms (4, Insightful)

antifoidulus (807088) | more than 9 years ago | (#11228212)

Till the worm installs a security patch that causes a bug that it takes someone hours upon hours of debugging to locate. People should be allowed to patch when they want. Patches aren't always 100% correct, and some can cause some major havoc. Let each person decide if/when the patch is needed...

Re:White Worms (1)

ErichTheWebGuy (745925) | more than 9 years ago | (#11228229)

And viruses and worms don't cause even more "major havoc?"

Re:White Worms (1)

antifoidulus (807088) | more than 9 years ago | (#11228289)

Yes they do, but there are more ways to deal with them than just "patching" ya know. Everyone knows their own situation best, it's a bit arrogant to force other people to do "what is good for them". Everyone should be in charge of their own systems, simple as that.

Re:White Worms (3, Insightful)

grumbel (592662) | more than 9 years ago | (#11228299)

### Patches aren't always 100% correct, and some can cause some major havoc.

If I have the choice between havoc caused by a patch and havoc caused by a hostile breakin into the system, I'll pick the havoc caused by the patch, that at least doesn't leave any hidden backdoors behind.

Re:White Worms (1)

rvw14 (733613) | more than 9 years ago | (#11228215)

I remember the nachi worm, which patched blaster, actually caused more problems.

Well, in that case... (0)

Anonymous Coward | more than 9 years ago | (#11228222)

...give me your IP and I will login and make sure everything is in order.

Re:Well, in that case... (5, Funny)

ErichTheWebGuy (745925) | more than 9 years ago | (#11228252)

...give me your IP and I will login and make sure everything is in order.

Sure, and thanks! I appreciate it. My ip is 127.0.0.1. Let me know if you find anything worth patching!

Re:Well, in that case... (5, Funny)

Anonymous Coward | more than 9 years ago | (#11228285)

Oh my God! I've never seen so much child and bestiality porn! You sicken me.

Re:White Worms (5, Insightful)

aborchers (471342) | more than 9 years ago | (#11228224)

In principle they seem good, but what about when a white worm installs a patch that interferes with legitimate operation of the system? It is perfectly possible a vulnerability was left alone by the operator because the patch would have rendered the system unusable and that security measures external to the vulnerable system render the vulnerability moot.

Of course, such machines aren't the ones likely to intersect common worm spread vectors...

Re:White Worms (4, Interesting)

GoofyBoy (44399) | more than 9 years ago | (#11228245)

From the article;

"If a site is infected, the worm causes a huge amount of traffic and slows down the site. I don't think it's possible to write a beneficial worm."

Re:White Worms (1, Interesting)

lukewarmfusion (726141) | more than 9 years ago | (#11228254)

If it comes into my system without my permission, it's a bad thing. I don't care if it's coming with good intentions or not, any kind of unauthorized access is unacceptable.

As others have pointed out, patching isn't always something you should do right away. In any enterprise system, you should be testing the patches and updates before you deploy them to your users. For instance, many of us wait to see if Service Pack 2 is stable before installing it. I haven't put it on my own machine yet (partly for fear of instability and partly out of laziness). If a worm came around that forced users to upgrade to SP2 right after it was released, that could be a very bad thing.

Re:White Worms (2, Funny)

jnguy (683993) | more than 9 years ago | (#11228470)

What about for worms like blaster. If an antiworm was released, it could have prevented the mass chaos that broke out on the internet, slowing everything down... I think.

Conundrum (2, Interesting)

jabber01 (225154) | more than 9 years ago | (#11228259)

White worms are a nice theory, but I think they should be fought just as vehemently by anti-virus software as malicious ones.

Holes they use should never be left unpatched, even if the worm's patches are not applied.

Consider: If there was a benign strain of HIV out there that immunized you to Herpes upon infection, would you give up condoms?

Bad Analogy (0)

Anonymous Coward | more than 9 years ago | (#11228435)

This is actually a case of using a weakened (or attenuated) HIV to block all other HIV, and that is how most innoculations work today.

Re:White Worms (1)

orthogonal (588627) | more than 9 years ago | (#11228265)

I feel that white worms, when done correctly, are a good thing
This is a code-phrase used by guys who meet at rest-stops or in bathhouses, isn't it?
This is a case where the ends justify the means....
Yeah, I though so.

Not that there's anything wrong with that....

Re:White Worms (0)

Anonymous Coward | more than 9 years ago | (#11228278)

That's funny. I haven't had a good laugh all day.

Worm Racism? (0)

Anonymous Coward | more than 9 years ago | (#11228547)

Hot off the heels of the hard drive controversy [slashdot.org] , is it really wise to continue labeling all destructive, harmful, negative worms as "Black" and all constructive, helpful, positive worms as "White"?

Is this how you think of people, too?

Re:Worm Racism? (1, Funny)

Anonymous Coward | more than 9 years ago | (#11228630)

Of course not. I think of constructive, helpful, positive people as "white" and of destructive, harmful, negative people as "my mother-in-law Warranetta."

Re:White Worms (2, Insightful)

SwimsWithTheFishes (842420) | more than 9 years ago | (#11228274)

The ends justify the means? I don't think so! When the white worm author determines what the ends are, and what correctly is, it is still just a worm. Anything installed behind my back on my computer is bad, evil, no-good-nick!

Re:White Worms (2, Funny)

Anonymous Coward | more than 9 years ago | (#11228326)

Also purple worms, when handled correctly, are a good thing. If you're wearing a ring of slow digestion you can try to get swallowed on purpose for a respite. Even better, charm one for a pet; they're very tough, superior to Archons even in the endgame. (A pet purple worm can clear out the Castle easily) Or you could always polymorph to one, assuming you have some sort of polymorph control.

If, somehow, you get infected by a worm, or maybe Juiblex, remember to use a unicorn horn immediately, or eat some eucalyptus leaves if you have them handy. (Tip: you can generate lots by shattering boulders, stone-to-fleshing the resultant rocks and polymorphing the resulting meatballs. It may take several tries.) Or, you could cast or zap cure disease.

Good luck fighting these worms. They are surely a menace.

Sincerely,
@

Re:White Worms (1)

grumbel (592662) | more than 9 years ago | (#11228347)

I agree with that, white worm when done right is a good thing. However to be really a good thing such a white worm needs to be official, ie. signed by those who have written the valuable software, else any bad worm could come by, add a little "I patched your system" message and in reality just install a backdoor. There is of course still the danger that a evil worm got first into the system before the white worm could fix it so some audit on what changed in the system is still necessary, but it could at least stop the spreading of the bad worm.

Re:White Worms (1)

seann (307009) | more than 9 years ago | (#11228631)

I 100% agree.

Good thing I didn't write it either.

Concealed ends? (3, Insightful)

mOoZik (698544) | more than 9 years ago | (#11228183)

Is it possible the "benevolent" worm actually does damage covertly? Has this been investigated thoroughly?

Re:Concealed ends? (1)

bigberk (547360) | more than 9 years ago | (#11228241)

Is it possible the "benevolent" worm actually does damage covertly? Has this been investigated thoroughly?
The only way to know for sure is if it's released under a free/open source license, such as the GNU GPL.

Re:Concealed ends? (1)

GoofyBoy (44399) | more than 9 years ago | (#11228334)

Using open source as a method of determining what a worm in the wild does?!?!?

Once its in the wild, how do you know what it is?

Re:Concealed ends? (3, Funny)

Tony Hoyle (11698) | more than 9 years ago | (#11228340)

Heh. If it patched non-GPL code the worm victim could also be sued by the FSF!

Even better, if it managed to infect MS source then Windows would become GPL!!

In my mind (1)

Prince Vegeta SSJ4 (718736) | more than 9 years ago | (#11228244)

anything that surreptitiously enters my computer for any reason would be considered damage, even if the intent is benevolent. Why? Because I like my ability to choose what to do and not to do, or at least choose the option to let things happen automatically.

Choice, the problem is choice.

Re:In my mind (1)

jnguy (683993) | more than 9 years ago | (#11228485)

You assume that everyone can make the right choice, and quick enough to have any effect. I'm a believer in democracy, and freedom, or whatever, but there are times when a dictatorship are absolutely necessary.

Re:Concealed ends? (1, Funny)

Anonymous Coward | more than 9 years ago | (#11228322)

Dude, you just read this on Slashdot.

Of course it hasn't been "investigated thoroughly."

Coincidence (-1, Offtopic)

Egregius (842820) | more than 9 years ago | (#11228185)

I happened to be reading about beneficial viruses and worms just yesterday. This is bizarre.

Re:Coincidence (0)

Anonymous Coward | more than 9 years ago | (#11228346)

You might have misused your yet unknown magical powers. Bad boy! Go to your room :P

Re:Coincidence (0)

Anonymous Coward | more than 9 years ago | (#11228566)

Oh really? Please, do go on, that sounds most fascinating.

Satisfaction Guarantee? (2, Interesting)

someonewhois (808065) | more than 9 years ago | (#11228186)

Is there a satisfaction guarantee with the virus?

Wasn't there a Welcha worm that cleaned up Blaster, and once the path was clear, it just gave you another virus? :p

Re:Satisfaction Guarantee? (0)

Anonymous Coward | more than 9 years ago | (#11228345)

Ejaculating horsecocks

A bit uneasy... (2, Interesting)

BlueThunderArmy (751258) | more than 9 years ago | (#11228188)

this does sound a bit sneaky and intrusive, but if it's breaking into computers and doing good deeds perhaps we should just let it. After all, people sure as hell aren't doing security updates on their own, might as well let somebody do them.

Still illegal (4, Insightful)

Anonymous Coward | more than 9 years ago | (#11228189)

The author of this worm still doesn't have permission to modify the source code running on people's servers. Yes, they may be idiots, but idiots still have rights (for the moment).

Re:Still illegal (1)

Bonker (243350) | more than 9 years ago | (#11228437)

This is like the vigilante cop who knows beyond a shadow of a doubt that a suspect is guilty of a heinous crime and also knows that he'll never get enough evidence to convite the suspect before he strikes again. So he goes and 'anonymously' drops a cap in the suspects head.

Is it just? The cop thought so.
Is it ethical or legal? Nope.
Is it safe? Uh-uh.
Did he save lives? Very possibly.

The cop can sleep at night and the 'bad guy' doesn't committ any more crimes. Society is served... assuming the cop was right about the bad guy.

In the real world, however, vigilante justice is often flawed and often destroys the lives of innocents. It's not hard to find examples from the lowest level-- the accidental killing of people living next door to a bail-jumper-- to the highest-- the unilateral invasion of a sovreign nation on false pretense.

If the anti-Santy worm... (5, Funny)

shigelojoe (590080) | more than 9 years ago | (#11228198)

...and the Santy worm come in contact, would it cause the server to asplode in a brilliant flash of light?

Re:If the anti-Santy worm... (0)

Anonymous Coward | more than 9 years ago | (#11228348)

No silly, it would PHPlode!

Worm Deferred (0)

Anonymous Coward | more than 9 years ago | (#11228504)

What happens to a worm deferred?
Does it get uninstalled
Like a game that's no fun?
Or rename itself--
And then run?

Does it blink like a bad web page?
Or lie ever dormant--
like the XP Search mage?
Maybe it just lags
or forces Safe Mode.
Or does it ASP load?

Yes, just like if (0)

Anonymous Coward | more than 9 years ago | (#11228472)

slashdot "editor" michael came in contact with an intelligent heterosexual anti-communist male.

Nice, but at what cost? (4, Insightful)

Novous (844236) | more than 9 years ago | (#11228207)

The problem with a "good" virus, is that because of an oversight, it may cause more damage. It could open up a new expliot, or subtly damage a part of the server.

White Knight Viruses/Worms? (1)

naer_dinsul (784040) | more than 9 years ago | (#11228209)

Is this the first (fairly) wide-spread example of a white knight virus?

What are the downsides to using a white knight?

Re:White Knight Viruses/Worms? (2, Informative)

lachlan76 (770870) | more than 9 years ago | (#11228236)

No, there was another one, the Nachi virus.

IIRC, this caused as much damage as a normal worm. It crashed systems, destroyed windows installations, etc. etc.

Re:White Knight Viruses/Worms? (0)

Anonymous Coward | more than 9 years ago | (#11228307)

> destroyed windows installations, etc. etc.

Are you saying this is a bad thing??

Re:White Knight Viruses/Worms? (1)

CrazyDuke (529195) | more than 9 years ago | (#11228343)

Yeah, there is a chance it will screw your virgin system.

Creeper and Reaper (2, Interesting)

tepples (727027) | more than 9 years ago | (#11228454)

In the 1970s [google.com] , Creeper was the first Internet worm, which spread among computers running the Tenex OS. Reaper, the second Internet worm, was sent to destroy copies of Creeper.

Re:Creeper and Reaper (0)

Anonymous Coward | more than 9 years ago | (#11228572)

I though creeper was just a virus and that the frist true worm was the morris worm.

Re:White Knight Viruses/Worms? (1, Insightful)

v3rgEz (125380) | more than 9 years ago | (#11228624)

No matter the intent, the worm doesn't take into account all the variables that go into a box. Maybe 95% of the users who get it ARE idiots, as a lot of posters have said, but the 5% left may have their reasons...
Aside from this fact, and the fact that there is no QA and little testing before hitting the mainstream, it causes a lot of excess, innefficient i-net traffic, which for a long time was the primary annoyance of mass-stream virii.

Security update? (5, Insightful)

jacobcaz (91509) | more than 9 years ago | (#11228213)

Is this really a "security update" as much as it's fiddling a bit with some PHP code? And this "beneficial" worm still defaces the site too:
  • Sites that have been attacked by the anti-Santy worm are defaced with the words: "viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
If I break into your house and clean your bathroom you could call me beneficial, but you might get a little upset if I used spray-paint to write "This house is a bit cleaner, but buy some Lysol" on your front door.

Re:Security update? (4, Insightful)

imsabbel (611519) | more than 9 years ago | (#11228269)

No, its more like , after finding your car unlocked and doors open, closing the door and put a piece of paper on the dashboard to lock it the next time...

Re:Security update? (1)

Durzel (137902) | more than 9 years ago | (#11228546)

Sites that have been hit by the worm will already have been defaced, so there will be no chance of recovering the file short of using a backup. I suppose from a PR point of view a public-facing website saying "x is secured by y" is better than "This site is defaced!".

If the worm was clever enough it should be able to root out vulnerable sites that have not yet been defaced by Santy (by searching for Santys calling card in the source), and instead of defacing it anyway to say "x is secured by y", it could patch the hole and leave the site as is.

No idea whether it does this though, I suspect it doesn't.

Obligatory joke (0)

Anonymous Coward | more than 9 years ago | (#11228219)

Is it digitally signed?

If only there were more of these... (0)

Anonymous Coward | more than 9 years ago | (#11228220)

I would "infect" my family's computers to avoid the horror of giving them tech support for their horrible computing habits (not updating AV, refusing spyware checkers, swearing by IE, taking down their firewall because of "slow download speeds")

*sigh*

Good Worms, Bad Worms (4, Funny)

mohrt (72095) | more than 9 years ago | (#11228226)

Using a worm as a way to help instead of wreak havoc, this is an interesting idea. Why don't they carry this idea over to Spam and use it to send me things I'm actually interested in?

Re:Good Worms, Bad Worms (1)

ScrewMaster (602015) | more than 9 years ago | (#11228390)

They're working on that. It's why they want all your personal information in the first place ... it's called "targeted advertising."

Personally, I'd rather keep my buying habits to myself and deal with random spam. Better yet, I'd rather not deal with spam at all.

Really now? (0)

Anonymous Coward | more than 9 years ago | (#11228515)

Are you positive you aren't interested in getting a bigger p3n1s?

how about... (0)

Anonymous Coward | more than 9 years ago | (#11228235)

...a worm or virus that removes Windoze and runs the Debian-Sarge net installer and it only runs at midnight fridays so when people get to work on monday their Windoze box has bet automagically transformed in to a 1337 Debian-Sarge box complete with all the latest in Linux goodies :^)

Anti-IE worm... (5, Interesting)

Vague but True (804899) | more than 9 years ago | (#11228240)

How long before someone makes an "Anti-IE" worm that automaticaly installs FF on everyone's computers.

Re:Anti-IE worm... (0)

Anonymous Coward | more than 9 years ago | (#11228271)

That is an incredibly stupid idea.

Re:Anti-IE worm... (1)

myukew (823565) | more than 9 years ago | (#11228373)

There were already worms installing SETI@Home on peoples' computers. Alas, not very successfull

Re:Anti-IE worm... (1)

Sepodati (746220) | more than 9 years ago | (#11228473)

How about one that installs a BHO automatically and sets the homepage to the FF page? Have it periodically pop up boxes about how they should try FF, too... :)

---John Holmes...

Re:Anti-IE worm... (1)

4vidar (813131) | more than 9 years ago | (#11228563)

An Anti-IE worm sounds just too beneficial to me...

No such thing as a white worm (5, Interesting)

genessy (587377) | more than 9 years ago | (#11228249)

Even if the worm patched the site without defacing it yet again, it's still going to bog down networks by replicating. Perhaps a better alternative would be to send a simple e-mail to vulnerable sites and allow them to make the decision to patch or upgrade to the newest version.

Re:No such thing as a white worm (1)

fxer (84757) | more than 9 years ago | (#11228366)

It's a good thought, but I already get tons of spam that says "Virus Found On Your System, Run This Immediately!" or something similar. It would seem unlikely that another, even legitimate, email about your system being "insecure" might not make it through the noise.

Re:No such thing as a white worm (1)

jnguy (683993) | more than 9 years ago | (#11228505)

As I mentioned before, everyone is assuming that even if an admin knew about the vulnerability, they would do something, or know how to do something about it. Worms cause martial law on the internet.

Re:No such thing as a white worm (2, Insightful)

DeVilla (4563) | more than 9 years ago | (#11228568)

Perhaps a better alternative would be to send a simple e-mail to vulnerable sites and allow them to make the decision to patch or upgrade to the newest version.

This sounds really great in theory. Unfortunately, I know too many people who politely explained to someone that that had a security problem, just to have an embarressed admin turn around and claim that the person pointing it out must a hacker breaking into the system.

I even know a case where a person explained that the password on windows 95 was not meant for security purposes and that you could bypass it by clicking cancel, just to be reprimanded for breaking into computers he was authorized to use.

These day's, I would think real hard before telling somebody you don't know that they have a security problem. People don't turn down the opporunity to punish good deeds often enough.

BTW. I'm not saying the worm is a good idea. Even if the intentions are all good, if it fails in some unexpected way, it is still the author's fault. He/she has no right to be tampering with other people's system without their permission.

Re:No such thing as a white worm (1)

aoteoroa (596031) | more than 9 years ago | (#11228603)

In the article Mikko Hyppönen, complained that, "although the worm may seem beneficial, in fact it is likely to cause problems for administrators who will have to handle the increase in traffic."

But the way I see it your site only gets infected by this worm if you are running an old version of php (less than php-4.3.10). The best way for an admin to deal with the traffic is just patch your system in the first place.

No vulnerability.
No worm.
No increased traffic.

The time to patch your servers was two weeks ago, but better late than never.

Wow, thanks for the "research" michael! (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11228267)

You pointed out that slashdot mentioned something 10 days ago. SO WHY WON'T YOU FUCKWAD "EDITORS" CHECK FOR DUPES THEN? Face it, michael, no matter how hard you try you are going to be the most pathetic, worthless slashdot "editor" ever. Your leftist, pro-socialist anti-capitalism views will forever stain your reputation as anyone who should be listened to.

I don't know... (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11228308)

Timothy is neck-and-neck with michael. More like dick-and-dick.

In reality, it's more like this:

Subject: Wow, thanks for the "research" $EDITOR!
Body: You pointed out that slashdot mentioned something 10 days ago. SO WHY WON'T YOU FUCKWAD "EDITORS" CHECK FOR DUPES THEN? Face it, $EDITOR, no matter how hard you try you are going to be the most pathetic, worthless slashdot "editor" ever. Your leftist, pro-socialist anti-capitalism views will forever stain your reputation as anyone who should be listened to.

Re:I don't know... (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11228377)

More like dick-and-dick.

More like dick-in-ass, just a question of which dick in which ass. Then post dick-in-ass becomes shitstained-dick-in-CmdrTaco's-mouth as he cleans up the cum and feces with his tongue while Kathleen rides his ass with a 14" strap-on. Then Cowboy Neil, too fat to move himself, has Hemos rim his foot-wide anus while michael chants pro-Marxist propaganda songs.

What? That doesn't exist! (4, Funny)

Epistax (544591) | more than 9 years ago | (#11228282)

Driftwood: "It's alright, that's in every contract! That's what they call the 'Sanity Clause.'"
Fiorello: "Ha-ha-ha-ha-ha. You can't fool me...there ain't no Sanity Clause."

Survival of the fittest (4, Interesting)

melvo (841054) | more than 9 years ago | (#11228296)

The "success" of viruses and worms so far have been characterised by their ability to reproduce. This bears some resemblance to their genetic counterparts.

Perhaps the next phase will be a virus or worm that follows genetic theory. The genetic features that would have to be modelled would be:

1) it is considered beneficial
2) it can reproduce
3) it can mutate

The successful entities would then survive, and the unsucessful mutations would die out. Survival of the fittest?

Updating (2, Funny)

bredk (838817) | more than 9 years ago | (#11228297)

Perhaps this will be the new way of opensource updating..?

which brings up another question... (4, Interesting)

zogger (617870) | more than 9 years ago | (#11228302)

... well, to me anyway because I just don't know. There are a lot of distros out there, including all the various "live" versions, and various ways to install. I am wondering, is there such a beast as a no brainer, one click to install Linux distro that works over the internet and would seamlessly replace a users windows install with a working and safe while downloading and installing linux distro? I mean, a windows user (or another linux user, whatever) clicks on a webpage link and off she goes? With broadband now, it's common to downloand an ISO and burn it, I was just wondering if there was a distro that was designed from the ground up to eliminate that intermediary step. Say someone had finally just had it with windows problems, just said to heck with it, just replace this whole mess with something else, etc. Click, download, install, as easy as a normal app? I know there are "network" installs, but those are usually targeted at corporations where a lot of PCs are on the LAN, etc, I mean one for joe raw beginner newbie home user surfer.

Site Maintainer Rejoice? (1)

GabrielPM (633823) | more than 9 years ago | (#11228372)

I hope that site maintainers patch the software themselevs, as opposed to waiting for this beast to do the work for them :)

Makes you think. (1)

northcat (827059) | more than 9 years ago | (#11228429)

Its possible to understand the motivations of the original virus writer (All your forum are belong to us.), but it makes you wonder what the motivations are of the anti-worm writer.

Re:Makes you think. (1)

Bad Ad (729117) | more than 9 years ago | (#11228483)

his site was infected and he wanted to do something about it?

hes a dev of phpbb and knows most users wont update and doesnt want his app getting a bad name?

theres numerous possible reasons.

Re:Makes you think. (1)

shadowsurfr1 (746027) | more than 9 years ago | (#11228531)

Or he's trying to actually help people.

Nice thought but... (3, Informative)

Tajas (785666) | more than 9 years ago | (#11228442)

This was a nice thought of sorts on the writers hands and is a good wake-up call to make people upgrade their outdated sites. I did a simple google search and found 2 sites that were hit by this anti-santy worm. I wonder what the admins of these sites are going to tell the people they work for?

Below are 2 sites that as of this posting have:
viewtopic.php secured by Anti-Santy-Worm V4

Your site is a bit safer, but upgrade to >= 2.0.11 !!
Upgrsrv:201.255.84.219/

http://www.ifotografi.it/secure.php/ [ifotografi.it]

http://www.forum.moto-portal.pl/secure.php/ [moto-portal.pl]

OZZIE OZZIE OZZIE! (0)

Anonymous Coward | more than 9 years ago | (#11228500)

OI! OI! OI!

First "Happy New Year, Australia!" post!

And just to go back on-topic, I've believed that a white-hat counterattack of system-patching viruses is long overdue. True, there will be collateral damage to the net with all the excess traffic - but will the short-term system strain be outweighed by the resulting decrease in zombied boxes flooding the net with viruses & spam? I think so, but I'm not nearly smart enough to say a definitive "yes." Any engineers/sysadmins care to weigh in?

Robin hood (1)

adeydas (837049) | more than 9 years ago | (#11228527)

That's the E-Robin Hood folks. However, it won't make much of a difference (compared to bad worms) in Windoze though.

The Code (4, Informative)

RobertTaylor (444958) | more than 9 years ago | (#11228564)

Full code of asw.txt here.... [greatdeal.co.uk]

This is the code of the worm extracted from a vulnerable box.

# asw: anti santy worm
# this worm will try to fix any viewtopic.php on local box
# will use this box for 1 day to search other buggy phpBB forums, and end.

etc...
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...