Re: [Full-Disclosure] phpBB Worm writers are dumb

From: Stian Øvrevåge (sovrevage_at_gmail.com)
Date: 01/04/05

  • Next message: Jakob Balle: "[Full-Disclosure] Secunia Research: Mozilla / Mozilla Firefox Download Dialog Source Spoofing"
    Date: Tue, 4 Jan 2005 08:47:32 +0100
    To: EmirAga <emiraga@emiraga.com>
    
    

    On Mon, 3 Jan 2005 17:40:28 +0100, EmirAga <emiraga@emiraga.com> wrote:
    > lots has passed since releasing a phpbb worm by some stupid people, i will
    > list my opinion about it.
    >
    > - why release a worm? not sure about newer ones, but first one did not do
    > anything, so, what's the point? Worm will warn whole world about
    > vulnerability and most of servers will patch it, without worm it would stay
    > just another bug in their forum and most non will worry about it. Security
    > _penetrators_ are losing their jobs because of you.
    >

    So, releasing a worm that does nothing but warn the world and getting
    the holes patched? I would agree this is stupid from a black-hat's
    point of view, but I think it's better that some kiddies exploit and
    expose the vuln/exploit than some organized criminals. Have you ever
    done something for the kick of it? The message I'm replying to now,
    is there a point? Except saying they are stupid?

    > - first worm sent a thousand requests before infection. The newer ones do
    > 'wget' it from static http location. STUPID. Simply worm could send itself
    > by POST or FILE_UPLOAD method since they are not written in logs. In logs
    > would be written a small request that most administrators will not notice.
    > what's wrong with eval($_POST[x])?

    It is possible for the authors to replace the scripts and hence, load
    different payloads as time goes, it hasn't been done, but it is a
    possibility. I would say this is harder with self-carrying code.

    > - first worm wrote itself to current directory, we all know that in most
    > cases this will fail. Better solution would be to write to /tmp, or even
    > better to use upload $_FILES[worm][tmp_name]. So stupid!
    >
    > - Why didn't they remove comments and replace their variables with smaller
    > ones, so worm will go faster.

    Agree with this one, it's not very "nice" code to look at, especially
    when it's in some strange foreign language.

    > i just hope no one will rewrite its code with newer _version_ cuz then i will
    > be the stupid one here.
    >
    > just wanted to say that worm writing sucks and real programmer will never
    > release one.
    >
    > greets

    I myself am fascinated by worms, but then again I'm not a real programmer.

    My two cents
    - Stian
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

