> There is no such thing as a "good" worm. That of course, depends on your perspective. I can't remember who but I remember someone commenting on writing a worm that exploits IIS, installs Apache, then removes IIS. ;-)
What I meant by "good" was more from the interesting and wow effect. To me, at least the worms are forcing people to patch boxes. Yes, I understand that admins are busy but come on -- we have battled with patching boxes as long as I can remember -- when are people (not just admins) going to catch on that this is important. No one is going to change the fact that we have insecure code. > People used to make the same argument about spam. Ah, just > delete it. > It's no big deal. But if we have Code Red (all variants) and > Nimda and Slammer and Slapper and so forth and so on, do you > really want to argue that that has no effect on bandwidth? > What would the Internet be like if all that excess traffic > wasn't there? I really should do some bandwidth analysis on a few networks but I never really thought the Code Reds and Nimdas of the world were that intensive. Sapphire for that matter, did cause bandwidth issues, especially for those who were not patched. So you point is well taken. > Read what you wrote, Steve. "The effect is pretty much > zero", yet this comes right after "I see a ton...." If you > didn't have the crap in your logs, what could you be doing > with your time? The effect isn't zero. > You've simply learned to live with a degraded system where > Internet worms are the norm and you no longer realize what it > was like not to have to deal with the crap. In relation to the Code Red traffic I see a ton of -- I do believe that the effect is at least next to zero. > It's not scary, Steve. It's a PITA. It's not like admins > are sitting around twiddling their thumbs waiting for the > next worm battle. There's plenty to do in IT without the > "distraction" of worms and malicious code and all the other > crap that idiots put out there. I understand that admins are busy people -- I used to be one. But in reality are there that many boxes still out there with the ports required for exploitation open? Again, I should probably put my beer down (but its almost Vegas week) and do some actual research. I am fully aware that you can exploit this over IIS if it is enabled. > > Hell, maybe I will write one myself. ;-) > > > If you do, then I'll add you to my list of true assholes. :-) Paul, if I haven't gotten on your list of true assholes yet I am not trying hard enough. I would have thought that I got there years ago. ;-) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
