Re: [Full-Disclosure] phpBB Worm writers are dumb
From: Stian Øvrevåge (sovrevage_at_gmail.com)
Date: Tue, 4 Jan 2005 08:47:32 +0100 To: EmirAga <firstname.lastname@example.org>
On Mon, 3 Jan 2005 17:40:28 +0100, EmirAga <email@example.com> wrote:
> lots has passed since releasing a phpbb worm by some stupid people, i will
> list my oppinion about it.
> - why release a worm? not sure about newer ones, but first one did not do
> anything, so, whats the point?. Worm will warn whole world about
> vulnerability and most of servers will patch it, without worm it would stay
> just another bug in their forum and most non will worry about it. Security
> _penetators_ are loosing their jobs because of you.
So, releasing a worm that does nothing but warn the world and getting
the holes patched? I would agree this is stupid from a black-hat's
point of view, but I think it's better that some kiddies exploit and
expose the vuln/exploit than some organized criminals. Have you ever
done something for the kick off it? The message I'm replying to now,
is there a point? Except saying they are stupid?
> - first worm sent a thousand requests before infection. The newer one do
> 'wget' it from static http location. STUPID. Simply worm could send his self
> by POST or FILE_UPLOAD method since they are not written in logs. In logs
> would be written a small request that most administrators will not notice.
> what's wrong with eval($_POST[x])?
It is possible for the authors to replace the scripts and hence, load
different payloads as time goes, it hasn't been done, but it is a
possibility. I would say this is harder with self-carrying code.
> - first worm wrote his self to current directory, we all know that in most
> cases this will fail. Better solution would be to write to /tmp, or even
> better to use upload $_FILES[worm][tmp_name]. So stupid!
> - Why didn't they removed comments and replaced their variables with smaller
> ones, so worm will go faster.
Agree with this one, it's not very "nice" code to look at, especially
when it's in some strange foreign language.
> i just hope no one will rewrite its code with newer _version_ cuz then i will
> be the stupid one here.
> just wanted to say that worm writing sucks and real programmer will never
> release one.
I myself are fascinated by worms, but then again I'm not a real programmer.
My two cents
Full-Disclosure - We believe in it.