Re: [Full-Disclosure] phpBB Worm writers are dumb

From: Stian Øvrevåge (sovrevage_at_gmail.com)
Date: 01/04/05

  • Next message: Jakob Balle: "[Full-Disclosure] Secunia Research: Mozilla / Mozilla Firefox Download Dialog Source Spoofing"
    Date: Tue, 4 Jan 2005 08:47:32 +0100
    To: EmirAga <emiraga@emiraga.com>
    
    

    On Mon, 3 Jan 2005 17:40:28 +0100, EmirAga <emiraga@emiraga.com> wrote:
    > lots has passed since releasing a phpbb worm by some stupid people, i will
    > list my oppinion about it.
    >
    > - why release a worm? not sure about newer ones, but first one did not do
    > anything, so, whats the point?. Worm will warn whole world about
    > vulnerability and most of servers will patch it, without worm it would stay
    > just another bug in their forum and most non will worry about it. Security
    > _penetators_ are loosing their jobs because of you.
    >

    So, releasing a worm that does nothing but warn the world and getting
    the holes patched? I would agree this is stupid from a black-hat's
    point of view, but I think it's better that some kiddies exploit and
    expose the vuln/exploit than some organized criminals. Have you ever
    done something for the kick off it? The message I'm replying to now,
    is there a point? Except saying they are stupid?

    > - first worm sent a thousand requests before infection. The newer one do
    > 'wget' it from static http location. STUPID. Simply worm could send his self
    > by POST or FILE_UPLOAD method since they are not written in logs. In logs
    > would be written a small request that most administrators will not notice.
    > what's wrong with eval($_POST[x])?

    It is possible for the authors to replace the scripts and hence, load
    different payloads as time goes, it hasn't been done, but it is a
    possibility. I would say this is harder with self-carrying code.

    > - first worm wrote his self to current directory, we all know that in most
    > cases this will fail. Better solution would be to write to /tmp, or even
    > better to use upload $_FILES[worm][tmp_name]. So stupid!
    >
    > - Why didn't they removed comments and replaced their variables with smaller
    > ones, so worm will go faster.

    Agree with this one, it's not very "nice" code to look at, especially
    when it's in some strange foreign language.

    > i just hope no one will rewrite its code with newer _version_ cuz then i will
    > be the stupid one here.
    >
    > just wanted to say that worm writing sucks and real programmer will never
    > release one.
    >
    > greets

    I myself are fascinated by worms, but then again I'm not a real programmer.

    My two cents
    - Stian
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Jakob Balle: "[Full-Disclosure] Secunia Research: Mozilla / Mozilla Firefox Download Dialog Source Spoofing"

    Relevant Pages

    • Re: Panini
      ... word crven is closely related (Xur-Bel-Gon basis) to rumen ... I am NOT intelligent Kriha, ... stupid; and you seem to be even more stupid than I am! ...
      (sci.lang)
    • Re: Microsoft moves update site to LINUX -- Not
      ... >> they've been dancing around all over the place these last couple of ... they did not use Linux because they didn't have to. ... > the worm made a stupid immature mistake. ... > stupid sonofabitch and they cut his useless brains out. ...
      (alt.os.linux.suse)
    • Re: Howie and the worm.
      ... THIS IS ALL SO STUPID, WHY DOES NOT HOWIE, JUST CALL UP THE WORM IN ST ... LOUIS AND VERIFY THE GUY. ... Lets end this shit right now, I will accept any bet, for 10K, I am not ...
      (rec.sport.billiard)
    • [Full-Disclosure] phpBB Worm writers are dumb
      ... lots has passed since releasing a phpbb worm by some stupid people, ... - first worm sent a thousand requests before infection. ... by POST or FILE_UPLOAD method since they are not written in logs. ...
      (Full-Disclosure)