Win2K security: Code Red worm defense (General Discussion)


dabartender

Aug 31, 2001, 6:54am
http://www.dynwebdev.com/codered/

"Code Red Vigilante." It's actually a harmless bait-type program that
simulates an IIS server. When it receives the buffer overflow string that
Code Red sends out, it attempts to pop a message window up on the offending
computer, using the internal messaging service in NT4/2K. If it's
successful, it informs the person that they are indeed infected, and directs
them to a web page detailing their problem.

It's written completely in Java, and thus requires the Java Runtime
Environment (http://java.sun.com/j2se/1.3/jre/) to operate.

The only caveat is that you can't be running another service on port 80. I
run it on 3 of the 4 machines in the house, and get several confirmed
"decaffeinations" (you'll have to read the web site) per day.

Just a lil' something you might want to try, and help get as many of these
infected machines off the 'net as we can.

builderz

Aug 31, 2001, 1:26pm
This was mentioned in Steve Gibson's GRC newsgroups
(news://news.grc.com/) several weeks ago. Although I don't personally
see anything wrong with the program, many users in the GRC newsgroups
were debating whether or not it is ethical to have the program "modify"
something on the infected computer.

Builderz
Stuff-X - Bot & World Hosting Services
http://aw.stuff-x.com/
PGP Key ID: 0xAC0E7073 (for non-commercial use)


agent1

Aug 31, 2001, 3:44pm
Well, if all it did was execute a program to popup a message warning the administrator, I doubt it could be called intrusive.

-Agent1


builderz

Aug 31, 2001, 4:48pm
I agree with you, Agent. I was just stating a fact that other users on
the GRC newsgroups thought that it was unethical to run because they
believe that no one else should modify another person's computer system
without their knowledge, whether the action has a positive or negative
effect. In another forum (I think it was somewhere on DSLreports.com),
some were even questioning if the program was legal. I'm just passing
along what I've read.

Builderz
Stuff-X - Bot & World Hosting Services
http://aw.stuff-x.com/
PGP Key ID: 0xAC0E7073 (for non-commercial use)


sw chris

Aug 31, 2001, 5:56pm
Well if they knew it was modifying their computer and still chose to run it
anyways, wouldn't that be an ethical use?

--
Chris
Eagle Scout, Philosopher, Peacemaker, and... Kung Fu Master?
http://www.winternet.com/~mikelr/flame1.html


dabartender

Aug 31, 2001, 9:02pm
I'm trying to figure out why those people think it's "modifying" the
infected computer...all it does is send a message back to inform the user
that their machine is infected with the worm. No more, no less. It utilizes
the Alerter service that's built right into Windows.

I generally like GRC, and I think ol' Steve does some pretty good
programming. But there are lot of people who think Steve Gibson speaks out
of his fundamental orifice when it comes to security matters :-)
http://www.grcsucks.com/


builderz

Aug 31, 2001, 9:07pm
Yes. Go to http://www.dynwebdev.com/codered/#discussions and read what
others think about the program. All I was saying is that *some* people
did not want to run the program because it modifies certain things on
the infected computer's system when trying to alert the admin of the
worm. They did not want to run the program because of this fact. Others
were debating whether or not it was even legal for an average user to
download the program and run it. Another group of people installed it on
as many computers as they could. The point I was trying to convey is
that it is up to the individual user to decide if they want to run it, and
it has been called an "iffy" program by some. I was just trying to give
a little "heads up." Some users won't touch it, some think it is
illegal, while others support it very much. Just trying to give the
different points of view.

Builderz
Stuff-X - Bot & World Hosting Services
http://aw.stuff-x.com/
PGP Key ID: 0xAC0E7073 (for non-commercial use)


dabartender

Sep 1, 2001, 1:24am
Addendum to that: it also has the infected machine's computer contact the
dynwebdev.com server through Internet Explorer. Still no modification there
though...the "script" command doesn't actually run a script of any sort, it
runs IE and sends it to a simple hit counter page. The modification has
already been done by the worm - otherwise, the particular command that
triggers IE wouldn't work at all.

Sorry if it sounds like I'm trying to start a big to-do about this, because
that's not my intention at all. I'm just trying to figure out how anyone can
consider a literally harmless program "iffy" or "illegal."


builderz

Sep 1, 2001, 11:08am
Okay, here are some quotes from a discussion on the program from
http://www.dslreports.com/forum/remark,1253119;root=security,1;mode=flat:

o "But if this application doesn't come with source code, you'd be out
of your mind to run it."
o "And if you run this from your personal machine, you will undoubtedly
be violating your Terms Of Service set forth by your ISP. You may also
find yourself accused of interference by the owners of the infected
machines. If you run this from where you work, you could be exposing
your employer to legal risks, too."
o "I am much too paranoid to get involved with this kind of crusade by
putting my own or my company's resources into the fray."
o "The program no doubt has to actually enter the computer and place a
file or modify something to bring the warning up. That by itself could
be considered illegal no matter how good your intentions are."
o "Sometimes you'll find out that some users won't appreciate the
notification even if it serves them well and you may find a few new
enemies."
o "The program can actually cause you harm by opening your port 80 if
it's not written properly."
o "If you're getting hit, why not just grab the IP from your logs and
notify the ISP owner of the IP? Let them deal with it."
o "But it runs code on the other machine. This is certainly tampering,
and would be prohibited by your ISP's TOS and open you and/or your
employer to liability."
o "I don't know how it works in Canada, but in the USA hacking into
another person's computer without permission regardless of your
intentions is a crime."
o "Well actually the script you linked to, does copy things to the hard
drive. The first line creates a net send alert. The second line creates
an Internet shortcut and puts it on your drive C:. The third line writes
in to the shortcut file and the fourth line creates another file on your
hard drive and puts the text 'lysine deficiency' in it. Why? Beats me."

Those are just a few quotes of people's opinions regarding the program.
I am not saying that I agree with anything or everything being said, I
am just trying to show different people's perspectives on the program
from an ethical viewpoint. The types of users quoted above believe that
it is against some good standing computer science principles to not
modify any system that doesn't belong to them, even if the
modification does something good (like patch a hole or fix a security
flaw). I'm just passing along what I have read and each individual user
can make up their own mind if they want to run and use the program or
not.

Builderz
Stuff-X - Bot & World Hosting Services
http://aw.stuff-x.com/
PGP Key ID: 0xAC0E7073 (for non-commercial use)

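The bait program in the first post and the quote above about grabbing the IP from your logs both come down to recognising the worm's request on the receiving side. As an added example (not the Vigilante program's code and not from this thread), the Python below parses IIS W3C extended log lines, flags Code Red probes by the worm's well-known /default.ida request signature (an assumption, since the thread never spells it out), and tallies source IPs for an abuse report to their ISP. The log lines and addresses are constructed samples.

```python
import re
from collections import Counter

# Constructed sample in IIS 5 W3C extended log format; IPs are documentation-range placeholders.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-31 06:54:01 192.0.2.10 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3 404
2001-08-31 06:55:12 198.51.100.7 GET /index.html - 200
2001-08-31 06:57:40 192.0.2.10 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858 404
2001-08-31 07:01:03 203.0.113.5 GET /default.ida XXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3 404
2001-08-31 07:03:15 198.51.100.7 GET /default.ida - 404
"""

# Heuristic Code Red signature (assumed from the worm's known request, not from the thread):
# a /default.ida hit whose query opens with the long N (Code Red I) or X (Code Red II)
# filler run and carries the %u-encoded payload marker. A bare /default.ida 404 is not enough.
CODE_RED_QUERY = re.compile(r"^[NX]{20,}.*%u9090", re.IGNORECASE)

def parse_w3c(text):
    """Yield one dict per request line; field names come from the #Fields: directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line: skip rather than guess
        yield dict(zip(fields, values))

def is_code_red(rec):
    return (rec.get("cs-uri-stem", "").lower() == "/default.ida"
            and CODE_RED_QUERY.match(rec.get("cs-uri-query", "")) is not None)

def code_red_sources(text):
    """Map each client IP that sent a Code Red probe to its hit count."""
    return Counter(rec["c-ip"] for rec in parse_w3c(text) if is_code_red(rec))

def notification_report(text):
    """One line per source IP, suitable for an abuse report to that IP's ISP."""
    hits, first_seen, last_seen = code_red_sources(text), {}, {}
    for rec in parse_w3c(text):
        if is_code_red(rec):
            stamp = f"{rec['date']} {rec['time']}"
            first_seen.setdefault(rec["c-ip"], stamp)
            last_seen[rec["c-ip"]] = stamp
    return [f"{ip}: {hits[ip]} Code Red probe(s), first {first_seen[ip]}, last {last_seen[ip]}"
            for ip in sorted(hits)]

if __name__ == "__main__":
    print("\n".join(notification_report(SAMPLE_LOG)))
```

Only the signature match counts as a hit, so a plain 404 on /default.ida from a vulnerability scanner or a typo is not reported.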

dabartender

Sep 3, 2001, 6:56am
I can see the other side of the argument on this one, points conceded and
accepted :)

I don't really have anything else to add to this thread, but I wanted to
thank you for being civilized and unbiased about the whole thing. It's not
often that a potentially volatile subject can be discussed in such a calm
fashion - and even if it sounds corny, I'm gonna say thanks for upholding
the "spirit" of Usenet :-)

-DB

