On Wed, 8 Aug 2001, Or Botton wrote:
> Code Red 2 also puts a back door on a victim's system. I and a friend
> have written a PERL script that catches specific Code Red 2 scans,
> and then connects to the victim's machine through the back door and:
> 1) Generates a file on the victim's hard disk explaining the problem.
> 2) Opens the file with NotePad on the victim's computer.
> 3) Disables the backdoor.
You do realize of course that this is illegal in
most countries. I hope you're covering your tracks.
No matter what the rationale, or what your good
intentions, the act of adding, subtracting or
modifying files on any system without authorization
is the "test" for illegality.
Yes, even closing their back door is technically
illegal unless they asked you to do it... would it
ever be prosecuted? Probably not in the US. I don't
know about other countries.
> Unfortunately, I have no idea how to disable the virus itself, so
> it will keep on spreading.
This is the best information I've seen yet on CRII:
http://www.incidents.org/react/code_redII.php
> This is what the text file is for -
> alarming the user that he/she is infected, and where to get the
> patch.
Instead of writing it to a file, why not just write
it to the infected machine's desktop?
- Steve