Re: Deloder worm has resurfaced. Watch your privacy!

From: Nick FitzGerald (nick@virus-l.demon.co.uk)
Date: 03/29/03


From: "Nick FitzGerald" <nick@virus-l.demon.co.uk>
Date: Sun, 30 Mar 2003 00:30:08 +1200


"John" <Yochanon@yahoo.com> wrote:

Note: "Followup-To:" overruled and original posting list restored.

Note^2: A good sign to start with one is dealing with an arsehole and/or
plonker -- he wants everyone to see his opinion but wishes to "restrict"
the response of those he replies to.

<<snip entire quote of my post>>
> What a crock! S/he put it out, because if left up to "them" (those who are
> supposed to fix the 'problem'), they'd never get off their asses until 6 months
> from now! As a matter of fact, M$ has said themselves they won't be 'fixing'
> some exploit/bug/security flaw in NT4, because it's just too much of a pain in
> the *** (essentially).
> These things need to be exposed, so that the company(s) who make these
> apps/software, quit hiring sloppy/lazy/scriptkiddies, and get back to
> *QUALITY*, not 'how fast can you guys turn this out so we can sell it?'. Funny
> how the opensource community gets right on these kinds of things almost
> instantly, meanwhile, M$ and its crony companies sit on it to 'see if it's as
> bad as it might be'. Pretty pathetic.

Excuse me, but what -- apart from displaying your complete lack of
intellect -- has that to do with what was being discussed?

A quick recap for the cranially challenged (John included)...

Kyle posted about a Windows 2000/XP-specific worm that spreads through
weakly passworded admin shares on machines running those OSes. It does
this by the trivially simple expedient of generating an IP address and
repeatedly attempting the rough programmatic equivalent of

   net use * \\<ip>\IPC$ <pwd>

where <ip> is the randomly generated IP address and <pwd> is one of
approximately 80 in a hardcoded list in the worm's code including the null
string (representing a blank password). In short, it does not involve an
"exploit" in the sense of involving something the vendor can fix and is
solely an "exploit" of administrative or user laziness and/or stupidity.
Hell, Unix boxes are just as "vulnerable" to such flaws to the extent their
typical users are as stupid/lazy as to set null or otherwise laughably weak
passwords on critical network accessible resources.

Anyway...

WTF this might have to do with the quality of Microsoft's software (which
I agree is generally poor), the speed with which Microsoft (or any other
s/w developer) produces patches for its s/w once someone points out a
grievous flaw, or any of the other topics you vaguely touched on is a
mystery to me. You also entirely failed to comment one way or the other
on my criticisms of Kyle's lack of professional ethics in publishing the
"magic" password that allows anyone with that password and access to a
machine suspected of having been compromised by this worm full access to
it. In short, your post was entirely off-topic as a reply to mine.

Given you tried to restrict my, or any other, response to your message to
alt.comp.virus, one has to suspect that you are vying for the "a.c.v tosser
of the year" award. (Perhaps you know that Sooooog has left a.c.v and thus
see this as the big chance for your breakthrough year vis a vis the award?)

--
Nick FitzGerald
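
Added example, not part of the original post: a defender-side check for the pattern described above, where one source makes repeated network logon attempts against an account from a fixed password list and may end in a success. The log layout (`time,event_id,logon_type,source_ip,account`), the sample lines, and the window and threshold values are constructed assumptions; 4625/4624 are the failed/successful logon event IDs of current Windows Security logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumed tuning values, adjust per site
THRESHOLD = 5

def _rows(src, account, fail_offsets, success_at=None):
    """Build constructed lines: time,event_id,logon_type,source_ip,account."""
    base = datetime(2003, 3, 29, 12, 0, 0)
    out = [f"{(base + timedelta(seconds=s)).isoformat()},4625,3,{src},{account}"
           for s in fail_offsets]
    if success_at is not None:
        out.append(f"{(base + timedelta(seconds=success_at)).isoformat()},"
                   f"4624,3,{src},{account}")
    return out

# Constructed sample, sorted by time. 4625 = failed logon, 4624 = successful
# logon, logon type 3 = network logon (what a connection to IPC$ produces).
SAMPLE_LOG = "\n".join(sorted(
    _rows("192.0.2.10", "Administrator", range(0, 16, 2), success_at=16)  # guess hit
    + _rows("198.51.100.7", "Administrator", range(0, 60, 10))            # all failed
    + _rows("192.0.2.55", "alice", [5, 9], success_at=12)                 # plain typo
))

def detect_share_guessing(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {(source, account): 'guessing' | 'compromised'}; input sorted by time."""
    failures = defaultdict(deque)   # recent failure times per (source, account)
    findings = {}
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.strip().split(",")
        if logon_type != "3":       # only network logons are relevant here
            continue
        when = datetime.fromisoformat(ts)
        key = (src, account.lower())
        recent = failures[key]
        while recent and when - recent[0] > window:
            recent.popleft()        # drop failures that fell out of the window
        if event_id == "4625":
            recent.append(when)
            if len(recent) >= threshold:
                findings.setdefault(key, "guessing")
        elif event_id == "4624" and len(recent) >= threshold:
            findings[key] = "compromised"   # success right after a failure burst
    return findings

if __name__ == "__main__":
    for (src, account), verdict in detect_share_guessing(SAMPLE_LOG).items():
        print(f"{src} -> {account}: {verdict}")
```

A "compromised" verdict means the account's password was on someone's guess list, so the remedy is a strong password on that account rather than a vendor patch.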
