Slashdot Mirror


Wired To Publish Slammer Source Code

Juan Carlos writes "Wired Magazine is going to publish the source code to the SQL Slammer worm in its next issue, due Tuesday, along with some kind of play-by-play of the worm's rapid spread. I actually think this is a neat idea for an article. But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."

158 comments

  1. But the fact is..? by Phroggy · · Score: 5, Insightful

    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread.

    Ummm...

    So?

    Of course people started looking at the code as soon as it was unleashed, and of course they wrote their own descriptions of how it worked. Maybe Wired could do a better job of explaining it to their readers? Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

    Wired thinks they have a story that will interest people. They're probably right. If you're suggesting that Wired must have stolen it, I think you're being silly, and if not, then what's the issue here?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    1. Re:But the fact is..? by Surak · · Score: 1, Insightful

      Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

      I think the poster's implication is more what you confirm here: Wired is a wannabe rag. ;)

    2. Re:But the fact is..? by Anonymous Coward · · Score: 1, Interesting

      Maybe Wired could do a better job of explaining it to their readers?

      Better than eeye? Nope, that analysis is probably what Wired has based their analysis on.

    3. Re:But the fact is..? by pfguy · · Score: 1

      I'd honestly buy that issue of Wired, since I am far too lazy to google for the source and from what I've read Wired is a good magazine.

    4. Re:But the fact is..? by Phroggy · · Score: 2, Insightful

      Better than eeye?

      Perhaps better for Wired's readers, which are different than eEye's readers.

      Nope, that analysis is probably what Wired has based their analysis on.

      You don't think Wired is capable of doing their own analysis on source code they've had access to for six months?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    5. Re:But the fact is..? by monkey_tennis · · Score: 3, Insightful

      But that's the point. Eeye analysed the code for one audience, but that won't be accessible to most people. Wired generally does a good job of introducing complex subjects clearly for the layman.

    6. Re:But the fact is..? by Phroggy · · Score: 0, Funny

      You are apparently too lazy to click the links provided in the submitter's posting, also.

      This is Slashdot! You should be ashamed of yourself for suggesting such a thing. ;-)

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    7. Re:But the fact is..? by rkz · · Score: 2, Informative

      Why don't you then, I can't because the nearest place to me that sells it is about 50 miles away.

      They have got some brilliant articles in the magazine just look at their recent coverage of the Iraqi war and the tech used by Allied soldiers.
      Well I could always subscribe but I don't really want to spend $70.

      Anyway should be interesting to read!

    8. Re:But the fact is..? by nautical9 · · Score: 2, Insightful

      I don't like speaking for people, but I imagine the submitter was just trying to stave off the inevitable cries of "but this will only encourage the script kiddies!", by showing that it's already been available online for some time.

    9. Re:But the fact is..? by Machine9 · · Score: 2, Insightful
      This is exactly what I was thinking...

      but basically, being a script kiddie means you don't know how to do stuff yourself...

      So I'm guessing the odds of a kiddie modding the worm into something REALLY deadly are quite slim to begin with.

    10. Re:But the fact is..? by pfguy · · Score: 1

      Yes I am

    11. Re:But the fact is..? by los+furtive · · Score: 2, Interesting

      Wired is a wannabe rag. ;)

      No, its readers are. But I think the real point is that Wired is doing something atypical and more akin to 2600: The Hacker Quarterly.

      --

      I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.

    12. Re:But the fact is..? by Anonymous Coward · · Score: 0


      Wired thinks they have a story that will interest people

      It is just a fucking publicity stunt. Wired probably is hoping that some idiot like Steve Gibson will start screaming about how publishing the source code in a magazine that sits in grocery stores everywhere will result in a million modded copies of sapphire/slammer floating around wreaking havoc on the net.

      Wired is just trying to create controversy in order to drive their sales up. Wired is a poseur rag that is nothing but 90% advertisements anyways. I hope they die.

    13. Re:But the fact is..? by aminorex · · Score: 1

      One would hope that they would be clever enough
      to make use of the existing work, rather than
      reproducing it all from scratch.

      --
      -I like my women like I like my tea: green-
  2. Good idea by powerline22 · · Score: 5, Interesting

    While the code has been available for a while on the internet, Wired is probably doing this to make an example of what Windows users are facing, and are probably going to explain as much as they can with the code.

    1. Re:Good idea by monkey_tennis · · Score: 3, Informative

      Exactly right. As the link above shows the code is in assembly language, which most people would need some help with.

    2. Re:Good idea by jj_johny · · Score: 4, Interesting

      More to the point, most of the press and incident reports talk about the infection from the single machine point of view and then jump up to the total numbers of infected machines without mapping out what happens in between the two. I hope they talk about percent of machines left vulnerable (idiots that have their SQL on the internet), how the jump from one host to another works, how effective the jump is... In other words, I would like to see the epidemiology of a computer virus.

  3. You can picture it now.... by MosesJones · · Score: 5, Funny


    Reader : "I wonder if they've patched the internal servers here at work...."

    Types in the slammer code, compiles it and runs it up...

    Reader : "Nothing seems to be happening"

    Meanwhile in another part of the building

    Manager: "What do you mean the whole UAT environment has gone down?"

    --
    An Eye for an Eye will make the whole world blind - Gandhi
    1. Re:You can picture it now.... by Anonymous Coward · · Score: 0

      Actually... You don't compile assembler code!
      You run it through an assembler...

    2. Re:You can picture it now.... by archen · · Score: 3, Funny

      If the users on the network I admin actually started compiling their own code, I'd shoot myself. It's bad enough not getting them to click on every attachment. God knows what they would compile on their own.

    3. Re:You can picture it now.... by Anonymous Coward · · Score: 0

      yeah yeah, semantics. There's rarely a bijection between assembly code and machine code anyway, what with most flavors using a bunch of macros and all. Not all assemblers are all that simple. I know this, having written one for sparc.

    4. Re:You can picture it now.... by bj8rn · · Score: 1
      *User sees a little grey box on the screen

      Little Grey Box: Click here to bring down the network!

      User: *Confused - but decides that this MUST be important* Click!

      User: Hmmm... Nothing? I think it fixed it, then.

      *Camera flies through the building, to a little dark cell in the basement

      Someone: AAAAAARRRRGGGGHHHH!

      --
      Hell is not other people; it is yourself. - Ludwig Wittgenstein
  4. unfortunatly... by hatrisc · · Score: 2, Insightful

    it may bring about new ideas for people to exploit. a detailed description of a worm like this is just what some wanna be h4x0r needs to get into it. even the source code as it appears in that link is documented enough for someone with some skills to know what's going on. a detailed description? that's a goldmine.

    --
    I write code.
    1. Re:unfortunatly... by emo+boy · · Score: 2, Insightful

      That's not necessarily true. Most people lack the motivation to actually sit down and learn something like that. The kind of people who would...well they'd probably figure out how to do it some other way eventually. It's not really a goldmine until you do something productive with it. In the meantime it's a nice way for the /. crowd to flex their geek muscles by spending half their workday looking at worm code. :)

    2. Re:unfortunatly... by Chatterton · · Score: 2, Interesting

      Some years ago 2 books have been on the shelves "naissance d'un virus" (born of a virus?) and "mutation d'un virus" (mutation of a virus?) with all the source codes with the complete polymorphic mutation engine (TPE). All wannabe h4x0r can take from these books all is needed to write viruses. Did you see rampant virus propagation when they have been out? not me. And second point: From this source they can write worm who work like slammer and then detectable like slammer by antivirus...

    3. Re:unfortunatly... by BlackHawk-666 · · Score: 1

      The code presented is pretty standard fare for viruses. Nothing to see here...move along ;-) These techniques are already well known and used among h4x0rs.

      --
      All those moments will be lost in time, like tears in rain.
  5. But that doesn't mean... by Advocadus+Diaboli · · Score: 5, Funny

    ...that SQL-Slammer is going to be Open Source, does it?

    1. Re:But that doesn't mean... by ecalkin · · Score: 4, Funny

      the original code was (is) copyrighted, assuming it was written in a country that has copyright laws.

      somehow i don't think that the owner of this copyright is gonna be knocking on the door to complain.

    2. Re:But that doesn't mean... by Anonymous Coward · · Score: 2, Insightful

      Worms and viruses are de-facto public domain in terms of copyright. Anybody can get a copy of them - usually inadvertently - and there is nobody to claim copyright.

      A disassembly is equivalent to the binary in terms of copyright. The copyright for any human-generated explanations and annotations belongs to whoever wrote them.

      Open source usually refers to the availability of the original source code, which usually isn't available for worms and viruses.

      Theoretically, the author of a worm or virus could probably claim copyright violations for any copies created by methods other than self-propagation, but that would be ridiculous because copyright violations are (or at least should be) minor issues compared to spreading a worm or virus.

    3. Re:But that doesn't mean... by Anonymous Coward · · Score: 0

      But they might be violating the DMCA. I'm sure the Slammer has some code in it to try to keep people from disassembling it.

    4. Re:But that doesn't mean... by BattleTroll · · Score: 1

      Couldn't the original copyright holder use the DMCA to prevent virus-protection software companies from reverse engineering their creations? Simply send out a nasty legal form demanding Symantec to cease sending virus scan updates. Write the virii with some basic self protection and one could argue the virus racket is circumventing a DRM protocol.

      I think that would be an appropriate use of the DMCA.

    5. Re:But that doesn't mean... by Anonymous Coward · · Score: 0

      Theoretically, the author of a worm or virus could probably claim copyright violations for any copies created by methods other than self-propagation, but that would be ridiculous because copyright violations are (or at least should be) minor issues compared to spreading a worm or virus.

      In fact, if a worm is written so that it sends a copy of itself to me, then it seems pretty clear-cut that I have at least the same rights concerning it that I would with e-mail sent to me. I certainly have the right to do anything I want with that copy, privately.

      However, when it is broadcast to the world, without any notice that it is protected by copyright, and the mechanism itself automatically propagates it, it would be hard for the author to argue that it was not being placed in the public domain.

      Besides, to successfully sue Wired, the writer would have to prove to the court that he was indeed the owner of the copyright. Proving that without avoiding liability for the damage done by it would be a neat trick.

    6. Re:But that doesn't mean... by arth1 · · Score: 1

      Not only is it copyrighted, but descrambling the hidden parts of it is clearly illegal under the DMCA.

    7. Re:But that doesn't mean... by UserGoogol · · Score: 1

      Almost. It's part of the "Illegal Activity License." The IAL is one in which the author will allow complete and utter distribution, at least until a statute of limitation runs out.

      Of course, the holder of the IAL has no obligation to release the original source code.

      ~User "IANAL of the IAL" Googol~

      --
      "Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
  6. Bring down the internet without complicated worms by Rosco+P.+Coltrane · · Score: 3, Funny

    June 5, 2003 -- Think of it as a how-to guide to bringing down the Internet.

    Here's my guide :

    1 - unplug the network cable

    Very effective DoS : nobody will be able to see your server from outside and your network connection will become very slow.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. So, by imadork · · Score: 5, Insightful

    Wired can publish the code to a computer virus, but not to DeCSS? That seems backwards to me. It seems like every day has been Opposite Day in the Tech industry lately...

    1. Re:So, by obi · · Score: 1

      Yea, wonder if people will still claim that code isn't/shouldn't be protected speech...

    2. Re:So, by Anonymous Coward · · Score: 0
      Wired can publish the code to a computer virus, but not to DeCSS? That seems backwards to me.

      Obviously someone needs to stick DeCSS in a virus :)

      I can just imagine the debates over publishing that would go on...

    3. Re:So, by curtisk · · Score: 1

      the virus isn't a "copyright circumvention device" like DeCSS is described......so its cool! Print it up!

      --

      Sehr geehrter Toilettenbenutzer!

    4. Re:So, by Paul+Boutin · · Score: 3, Informative

      Wired published the complete DeCSS Perl script, with an explanation of how it worked, under the headline "DVD Hacking for Dummies," three years ago. No one noticed.

      --
      Paul Boutin | writer for Slate, Wired, etc
    5. Re:So, by imadork · · Score: 1
      Thanks for the info, Paul. Maybe someone out there noticed when it was published, but I didn't.

      So, are you getting ready for the lawsuit over providing a clickable link to the DeCSS code? Or are you not worried, since you write for "respectable" rags and not for 2600?

    6. Re:So, by powerline22 · · Score: 1

      Actually, about a year or so they posted a small blurb "how to decrypt a dvd in 8 lines of PERL", and showed it off

  8. SCO to sue ? by Anonymous Coward · · Score: 5, Funny

    ... they had better pray that SCO code isn't used in it.

  9. Good publicity by kinnell · · Score: 5, Insightful
    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread

    That may be the case, but it's still a good way to obtain publicity, and thereby sell more copies. They've just managed to get a free advertisement on slashdot, after all.

    --
    If I seem short sighted, it is because I stand on the shoulders of midgets
    1. Re:Good publicity by evilviper · · Score: 2, Interesting

      I'm not too sure it was free... The article says it's already available, yet the editors posted it.

      Hmm, I can't help but wonder whose hand got greased.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    2. Re:Good publicity by Anonymous Coward · · Score: 0

      Do you STILL think the Jessica Lynch rescue was faked? You stupid, ill-witted, cocksucking moron you. You REALLY think U.S. soldiers would have gone in with BLANKS as the article says? Are you THAT fucking stupid?!

    3. Re:Good publicity by ananke · · Score: 1

      they were flash-bang thingies. it's the goddamn press. first they put a big spin on it, even though pentagon didn't really admit to much, then they're putting a huge spin down [such as emphasising that there were no military at the hospital, yet the goddamn hospital crew says that military was stationed there up to few hours before the rescue, then they abandoned their place].

      and to say it was faked, is even more ignorant than what the media says.

      --
      --- d'oh
    4. Re:Good publicity by Anonymous Coward · · Score: 0

      Hey, I grease my own palm every night (otherwise I chafe)

  10. in other news by lingqi · · Score: 3, Interesting
    Ashcroft wants a tougher Patriot Act .

    wonderful world, isn't it? How many years before we can't publish this kind of stuff on magazines?

    --

    My life in the land of the rising sun.

    1. Re:in other news by erikdotla · · Score: 1, Interesting

      Answer: 0

      I'll bet that the gub'ment comes down on Wired for doing this, even though we all know it's widely available source already. The gub'ment does not look at things so deep. They'll attack Wired for what they appear to be doing on the surface - disseminating hostile source - hell, they could be considered Terra-rists after this issue.

      --
      # Erik
    2. Re:in other news by RobotRunAmok · · Score: 1, Insightful

      There is nothing Wired would like more than a little controversy, something that paints them as "rebel/cool." Once upon a time, with their iconoclastic subject matter and interviewees, lower-east-side-art-school-drop-out color schemes and layouts, all close on a decade ago, Wired was 'da bomb.' They were tekno/geek/cool, just around the time when it was becoming "cool" to be "geek." Their claim to that cache is long past.

      Wired has become, to use their own parlance, "Tired."

      This is not to say they are doing badly. The mag is still jammed full of advertising; it's just that the advertisers are the same ones who buy in Time and People.

      So, yeah, it wouldn't surprise me if this code stunt is a cry for attention. At the very least I'm sure they'll get a buzz going on places like SlashDot.

      Oh, wait....

    3. Re:in other news by Anonymous Coward · · Score: 0

      Why did you capitalize the "D" in "Slashdot"?

    4. Re:in other news by RobotRunAmok · · Score: 1

      I'm not really sure, AC. If it bothers you, though, I got a bunch of Rorschach ink blots I can send you to analyze and we can work through this together.

    5. Re:in other news by Artifex · · Score: 1
      Once upon a time, with their iconoclastic subject matter and interviewees, lower-east-side-art-school-drop-out color schemes and layouts, all close on a decade ago, Wired was 'da bomb.' They were tekno/geek/cool, just around the time when it was becoming "cool" to be "geek." Their claim to that cache is long past.


      Actually, the early Wired owed a lot to the even-earlier Mondo 2000, which had more extreme layouts (some unreadable), more drugs ("smart" and really dumb), and "geek fashion" articles, as well as many of the same writers.

      Now they've lost some of the extreme layouts (good) but, since Conde Nast owns them, have added more fashion-type advertising and advertorials (bad).

      You know, they used to be really cool, not because of all of the above, but because they'd have articles by Neal Stephenson and other science fiction writers, as well as those by actual, real economists, etc., and not just some journalist-turned-talking-head. Now they're turning into the next Omni. I predict they'll start touting "longevity" as a big buzzword, so they can sell special-editions on the newsstand to 50-somethings who want reassurance that someone, somewhere, isn't laughing at their desire to have their heads frozen.

      --
      Get off my launchpad!
  11. Source code by spakka · · Score: 3, Informative

    No, they will publish the assembly code. Not the same thing.

    1. Re:Source code by MjDascombe · · Score: 1

      You cretin, you think anything that decompiles that cleanly was written in GCC? Microsoft Visual C++? :p

    2. Re:Source code by jgerman · · Score: 0, Redundant

      Insightful my ass. They are publishing source code for the virus. It IS the same thing. It may not be the ORIGINAL source but it is the source for the virus.

      --
      I'm the big fish in the big pond bitch.
    3. Re:Source code by spakka · · Score: 1

      The NY Post article says: "The code has been available - along with a patch for months." This can only mean the disassembly. Even if you're correct, it still stretches the truth to claim to be publishing 'the source code', as opposed to 'some probably similar source code'.

    4. Re:Source code by BlackHawk-666 · · Score: 3, Insightful
      Ahem, since this virus was clearly written in assembler then they are actually publishing the source code. It may have different labels for the JMP instructions, but aside from that (and working out where your data locations are) it should be exactly the same code that the cracker used. Each assembly instruction has a 1 to 1 mapping with machine code instructions.

      Still, if they publish the code shown at eEye then I suspect it won't work since it needs data segment and code segment hints and stuff to make an exe, although it could be incorporated into another project fairly easily.

      --
      All those moments will be lost in time, like tears in rain.
    5. Re:Source code by jgerman · · Score: 1

      Fair enough, however, if it compiles/assembles to a functionally equivalent program, it is the source code. The question "do you have the source for this program" is slightly inaccurate. It really means "do you have source for this program" the lack of the "the" is significant.

      --
      I'm the big fish in the big pond bitch.
    6. Re:Source code by p3d0 · · Score: 1
      They are publishing source code for the virus. It IS the same thing. It may not be the ORIGINAL source but it is the source for the virus.
      Well, if you believe the GPL, then "source code" is "the preferred form of the work for making modifications to it". Or, if you believe FOLDOC, it's "the form in which a computer program is written by the programmer." Either way, a disassembly is not the source code.

      To claim any text transformable into a given program is that program's "source code" dilutes the meaning of the term to the point of uselessness.

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    7. Re:Source code by p3d0 · · Score: 2, Insightful

      Assembly doesn't have a 1-1 mapping to machine code. There are macros, labels, comments, data declarations, branch optimizations, syntax (intel vs. at&t) etc, etc, etc. There's no reason to believe that a disassembly is equivalent to the source code in any important way except that it assembles to the same binary.

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    8. Re:Source code by spakka · · Score: 1

      Ahem, since this virus was clearly written in assembler then they are actually publishing the source code.

      How do you determine that a bit of machine code came from assembly rather than being the stripped, optimised output of some compiler for some high level language? It's not that I doubt you, I'm just curious.
    9. Re:Source code by stanmann · · Score: 2, Informative

      IME, Disassembled assembly reads logically.. ie top down, and stripped optimised compiler output looks like nasty vile spaghetti. JMPs to arbitrary locations and JMPs back... But that is just my observation. perhaps compilers have gotten better since I last disassembled source

      --
      Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
    10. Re:Source code by spakka · · Score: 1

      OK, OK. I've had a look at the disassembly. It's a buffer overflow accessing the stack pointer, etc, stuff not available in C and friends. Point taken.

    11. Re:Source code by jgerman · · Score: 1
      For starters the GPL's definition of source code is for licensing and is a more strict definition. However an assembly language programmer would certainly prefer the code in that language. If you believe FOLDOC, then assembly is source just like anything else. Either way a disassembly IS the source code for a program. It is simply not the ORIGINAL source code.


      Dilution? Bullshit. That is the meaning. Any text transformable into a given program by another program is source code. QED.

      --
      I'm the big fish in the big pond bitch.
    12. Re:Source code by p3d0 · · Score: 1
      Dilution? Bullshit. That is the meaning. Any text transformable into a given program by another program is source code. QED.
      Methinks you don't know what QED means.

      Regardless, if you want to go on thinking a hex dump of Internet Explorer counts as its "source code", then more power to you, but don't be surprised if you find other people using a more practical definition of the term.

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    13. Re:Source code by jgerman · · Score: 1
      I know exactly what it means. Quantum electro-dynamics.


      A hex dump of explorer isn't source. Assembler is, there's a difference.

      --
      I'm the big fish in the big pond bitch.
    14. Re:Source code by p3d0 · · Score: 1
      A hex dump of explorer isn't source. Assembler is, there's a difference.
      What is the difference? Your definition doesn't make a distinction:
      Any text transformable into a given program by another program is source code.
      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    15. Re:Source code by jgerman · · Score: 1

      Show me the program that will convert transform the hex dump into IE. You can't because if all you're doing is the hex dump you're looking at the program, the end result.

      --
      I'm the big fish in the big pond bitch.
    16. Re:Source code by p3d0 · · Score: 1

      Jeepers. Do you honestly believe it's impossible to turn a hex dump into a binary file? If so, I think we've been wasting each other's time.

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    17. Re:Source code by BlackHawk-666 · · Score: 1

      You have macros if you MASM but these will simply be assembler instructions that are inserted in the place of the macro, labels are simply memory locations and are not extra generated instructions. Branch optimisation is handled by the CPU itself and is applied to the instructions in memory at the time of execution - same with pipeline optimisation. These affect the execution of the code, not the code itself. As for syntax - choose whichever you prefer - for me that's Intel.

      --
      All those moments will be lost in time, like tears in rain.
    18. Re:Source code by p3d0 · · Score: 1
      You have macros if you MASM but these will simply be assembler instructions that are inserted in the place of the macro...
      Right. And a C function is just assembler instructions that are inserted in place of the function.

      Regardless, my point is only that machine code and assembly instructions don't match one-to-one.

      ...labels are simply memory locations and are not extra generated instructions.
      Exactly. So a disassembler can't recreate them. Just like comments.
      Branch optimisation is handled by the CPU itself and is applied to the instructions in memory at the time of execution...
      No it's not. Branch optimization means turning a longer branch (eg. 32-bit offset) into a shorter branch (eg. 8-bit offset). Looking at the final machine code, you have no way to know which branch was in the original source code, and so the mapping is not one-to-one.

      What's your point anyway?

      --
      Patrick Doyle
      I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    19. Re:Source code by BlackHawk-666 · · Score: 1
      Right. And a C function is just assembler instructions that are inserted in place of the function.

      It's not quite that simple since the compiler has many opportunities to apply optimisations.

      Exactly. So a disassembler can't recreate them. Just like comments.

      A disassembler will provide equivalent labels, but it will not give them the same name as they originally had. They end up being called (for example) LABEL01, LABEL02, but they are still doing the same job, that is providing a mnemonic for a memory location.

      No it's not. Branch optimization means turning a longer branch (eg. 32-bit offset) into a shorter branch (eg. 8-bit offset). Looking at the final machine code, you have no way to know which branch was in the original source code, and so the mapping is not one-to-one.

      Ok, we crossed our wires here. I am talking about the branch prediction and super-pipelining abilities of modern processors whereby they can run code out of order and take code paths earlier than expected. See quote below for some info on this:

      Speculations Unlike the Pentium, the 6x86 doesn't wait until the jump conditions are determined in the execution level (something that with a long calculation such as DIV can take as much as 41 cycles), instead it decodes the expected code showing a strong confidence in its prediction ability, and speculatively carries out this code in the second pipeline - if this code is not inseparable from the results of the preceding command dependant. Thereby it can of course lead on to branching out again. The processor speculates up to four branch levels deep. With that it saves four write operations (four level write buffer) and throws them away in the case of incorrect predictions. For the Pentium it's generally the case, that the pipelines work synchronously. For example, if pipeline Y is finished but X is still working on a command, Y twiddles its thumbs the whole time, waiting for X to finish. With the 6x86 it's different; Y carries out following commands outside of the normal order (out of order execution this is called). Therefore there can be an unforeseen sequence for reading and writing (weak ordering), something that is undesirable in exceptional cases (memory mapped I/O). That's why weak ordering can be turned off for certain address areas.

      Anyway, my point is that assembler code has a very direct mapping to machine code. It translates easily both ways because of this mapping.

      --
      All those moments will be lost in time, like tears in rain.
    20. Re:Source code by jgerman · · Score: 1

      Do you honestly believe you aren't arguing a slippery slope argument? Yeah I'll back you up on that, you have been wasting my time.

      --
      I'm the big fish in the big pond bitch.
  12. What about the DCMA? by WIAKywbfatw · · Score: 2, Funny

    Is publishing this code a contravention of the DCMA?

    --

    "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
    1. Re:What about the DCMA? by erikdotla · · Score: 1

      You must have written this article.

      --
      # Erik
    2. Re:What about the DCMA? by Anonymous Coward · · Score: 0

      Do you think the writer is going to sue them?

    3. Re:What about the DCMA? by ch-chuck · · Score: 1, Funny

      The Digital Copyright Millennium Act? Wouldn't it sound better if they called it the Digital Millennium (TWO N's now!!) Copyright Act? How about the District of Columbia Media Association?

      --
      try { do() || do_not(); } catch (JediException err) { yoda(err); }
    4. Re:What about the DCMA? by Anonymous Coward · · Score: 1, Funny

      Of course he'll sue 'em. This is the United States after all. For theft of trade secrets and intellectual property. But it will be struck down because reverse-engineering is a safe-harbor provision of the DCMA.

      So the next generation Slammer Worm will come with a EULA prohibiting reverse and re-engineering. Of course there will only be an 'Accept' button, it is a virus after all.

  13. Re:Wired by curtisk · · Score: 3, Insightful
    ....Which is probably why they are writing a story on it, tech-savvy or not, these things have the potential to screw-up your workplace, so any knowledge the reader can get on it is better than none. It may be dumbed down, but that's fine as long as the point gets across. I don't suspect they'll do a line by line assembler overview :)


    As far as the code itself, (I was one of the "geeks" who read it right after it was made public), I never get tired of the drive that people who just want to cause havoc have. When you look thru the code and realize that all that damage can be done with a few mere Kb's and be completely memory resident (no tracks), you just have to chuckle in spite of yourself, all the CPU power in the world can be smacked hard by a wee bit of code. Ain't that life? :D

    --

    Sehr geehrter Toilettenbenutzer!

  14. Symantec isn't impartial here by Rosco+P.+Coltrane · · Score: 4, Insightful

    Vincent Weafer, senior director of security response at computer security company Symantec Corp. (nasdaq: SYMC - news - people), said that while detailed articles could be important in raising computer security awareness, they also needed to be handled with care.

    "It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.

    "You need to be aware of your audience and what you're saying to them," Weafer said.


    In other words Vincent, Symantec is worried that divulging the underlying techniques of a typical worm will demystify viruses somewhat, degrade the "magic bullet against all computer threats" image that antivirus makers enjoy in the general public, and help reduce the fear and panic that compels many computer users to rush to their local software shop to buy the newest and greatest antivirus software when a new virus strikes. After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.

    Remember : Symantec, McAfee and the others have no more interest in taking the myth out of viruses than they want Microsoft to release secure products.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Symantec isn't impartial here by Anonymous Coward · · Score: 0
      "It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.

      Not to worry! Being a techie mag, Wired's readership is mostly non-broad-based. :)

      And yet the problem affects broadband... Dixie Chicks beware...

    2. Re:Symantec isn't impartial here by Surak · · Score: 5, Interesting

      After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.

      Nor are they likely ever to know, honestly. My aunt, whom I characterize as a typical computer user, ran Windows 95 on her box for a long time. One day she was cleaning out her hard drive (because she's insane about organization) and saw two folders named 'Windows' and 'Program Files' on her C: drive, decided she didn't need any folders called 'Windows' or 'Program Files' and proceeded to delete them both.

      Needless to say she called me and said <whine>"my computer doesn't work"</whine> and when she explained what she did I had a very hard time keeping myself from ROFLMAOing. ;)

      Anyways, my point is that the average computer user is REALLY *that* dumb and that's the thing that's going to keep worms and viruses around for quite some time to come, regardless of how well operating systems are built, regardless of what Symantec or McAfee do, etc.

    3. Re:Symantec isn't impartial here by Anonymous Coward · · Score: 0

      My Dad found some EXE files that were described as 'executable'. He figured that he didn't want any executions, and deleted them to save space...

      Seriously, true story.

  15. Mainstream press by barnaclebarnes · · Score: 4, Insightful

    I think the reason it may be a big deal is that this is in the mainstream press. And this could show people how to write a virus...Of course anyone with half a brain already knows where to find this information anyway but now it will be exposed to the general population.

    --
    [Please type your sig here.]
    1. Re:Mainstream press by BlackHawk-666 · · Score: 4, Insightful
      There have been virus writing kits available for years now with little or no coding required. If this stuff is in assembler then even many experienced programmers wouldn't be able to deal with it. This is *not* going to teach anyone who can't already do it how to write a virus.

      For reference: I can write both assembler and viruses (though I don't do the second) so I have a reasonable idea of what I am talking about. I am the only programmer out of 16 in our shop that can even write in assembler.

      --
      All those moments will be lost in time, like tears in rain.
    2. Re:Mainstream press by Phroggy · · Score: 2, Insightful

      I think the reason it may be a big deal is that this is in the mainstream press.

      I was replying to the submitter's comment about it having been done before. The fact that it's been done before (not in the mainstream press) doesn't detract from the fact that it is now being done in the mainstream press, which is indeed interesting.

      And this could show people how to write a virus...

      It may offer tips to people who are already capable of writing a virus, but those aren't Wired's typical readers. Those not already capable of writing a virus won't suddenly be able to do so after reading how this one worked.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    3. Re:Mainstream press by TopShelf · · Score: 1

      If anything, this article would hopefully make people aware of how easy this is, prompting them to demand greater security in their applications...

      --
      Stop by my site where I write about ERP systems & more
    4. Re:Mainstream press by (trb001) · · Score: 2, Informative

      Amen. I remember back in the late 80's, early 90's, a program that was popular among pirate BBS's, The Virus Creation Kit. It would basically take a set of destructive instructions (format HD, delete files, self-replicate, etc) and attach itself to an executable. Very nice little tool, any moron could have used it.

      This is nothing new. Anyone that complains about Wired's 'lack of responsibility' or other PC complaints is just ill-informed.

      --trb

    5. Re:Mainstream press by Anonymous Coward · · Score: 0

      Yes but any virus created with a kit like that has a specific signature that all other viruses created with that kit have, that will alert any good AV to its presence. You are not really creating a new virus with those kits, just a variation of an old virus. Basically those virus creation kits completely suck ass.

      If you want to get past the bullshit hype and learn the truth I would recommend:

      VIRUSES REVEALED by Harley, Slade and Gattiker published by Osborne/McGraw-Hill

      -and-

      MALICIOUS MOBILE CODE by Roger A. Grimes published by O'REILLY & Associates.

    6. Re:Mainstream press by (trb001) · · Score: 1

      Dude, we're talking 80's...virus detection wasn't sophisticated. MOST people didn't have any virus protection at all, those of us who did only had it because we got a lot of files from BBS's.

      Yeah, they all did have identical signatures, but that didn't keep them from getting past even McAfee on occasion, especially the boot sector viruses that were popular back then.

      --trb

    7. Re:Mainstream press by aminorex · · Score: 1

      > If anything, this article would hopefully make
      > people aware of how easy this is, prompting them
      > to demand greater security in their
      > applications...

      And that is precisely why it is likely to be
      decried as irresponsible.

      --
      -I like my women like I like my tea: green-
    8. Re:Mainstream press by jericho4.0 · · Score: 1
      Writing an effective virus nowadays doesn't need to require great assembler skills, as the methods of transmission have changed (from boot sector/BIOS to Outlook/Web server). Although some familiarity with assembler would still be very helpful.

      Heck, in some environments, you could probably write a virus in a scripting language.

      --
      "A language that doesn't affect the way you think about programming, is not worth knowing" - Alan Perlis
    9. Re:Mainstream press by Anonymous Coward · · Score: 0

      "Of course anyone with half a brain already knows [how to write a virus]"

      Hint:
      "The file c:\winnt\iexplore.exe is a virus, microsoft reccommend you delete it, and forward this email to all your friends"

      No better transmission method than humans

    10. Re:Mainstream press by BlackHawk-666 · · Score: 1

      Why, because I can write assembler? Did you not read the bit where I said I choose not to write viruses?

      --
      All those moments will be lost in time, like tears in rain.
    11. Re:Mainstream press by BlackHawk-666 · · Score: 1
      Actually, VBA which is the most common of the languages used for the modern variant of viruses is considered a scripting language :-) Code Red was the first decent worm I had seen for a long time since it actually did some funky stuff in assembler. All the other recent nasties were variants and improvements on "I Love You". Some added very nifty additions like execution through the preview pane, but most have held to the basic premise:

      Get executed

      Send yourself to entire address book

      Profit!

      --
      All those moments will be lost in time, like tears in rain.
  16. hmmmm by Cackmobile · · Score: 2, Interesting

    Dunno about this. I am no uber-master programmer but I could get this working from the article probably. While it has been available on the net for a while most people don't know that. This brings it to a wider audience. But then again hopefully most sys admins will have fixed the hole.

    --
    -- Karma Karma Karma Karma, Karma Chameleon - Boy George
    1. Re:hmmmm by damiam · · Score: 2, Interesting

      The worm has already spread. The only thing you could do with the source is assemble it and infect yourself, creating just one more node spewing random junk everywhere.

      --
      It's hard to be religious when certain people are never incinerated by bolts of lightning.
  17. Warning! by Anonymous Coward · · Score: 5, Funny

    A new vulnerability has been found in IE that exploits the feature of automatically executing machine code viewed in a text file.

    1. Re:Warning! by Anonymous Coward · · Score: 0

      Just use a DirectX control and Debug.exe and you could probably do it. Seriously.

  18. Source Code Hieroglyphics by The+Future+Sound+of · · Score: 4, Insightful

    Wired appeals more to digital enthusiasts than to actual software developers anyway. The publication of the source code is equivalent to the National Geographic showing pictures of hieroglyphics in an article about the pyramids. Most of the readership will just look at the indecipherable code as a form of abstract art than anything else.

  19. Publication lag by salimma · · Score: 2, Insightful
    ... the article was probably researched in April, and written in May. Still quite out of date, but they probably want to be sure that everything about the SQL Slammer worm is already known.

    Sort of a postmortem, really.

    --
    Michel
    Fedora Project Contribut
  20. WARNING!!!! by yuri · · Score: 1

    Don't open this link with IE. Microsoft seems to let any sort of code run in IE.

    I wouldn't be surprised if a plain text assembly program is compiled and executed as a "feature".

  21. Source code? by Zog+The+Undeniable · · Score: 2, Funny

    Something this evil must be written in INTERCAL!

    --
    When I am king, you will be first against the wall.
    1. Re:Source code? by Dog+and+Pony · · Score: 1

      Even more likely for it to be written in Malbolge. ;-)

  22. Like in the good old days... by MavEtJu · · Score: 4, Insightful

    It will be like in the good old days, when you bought a magazine and had to type in all the programs they published in there.

    And boy, what a fun we had with debugging the stuff when after two days of typing (my neck! my neck!) the program didn't work.

    --
    bash$ :(){ :|:&};:
    1. Re:Like in the good old days... by AnotherSteve · · Score: 2, Funny

      Yeah, like when Dragon magazine had a program that would calculate the chi-squares on your die rolls so that you could determine if your dice were fair or not. I got my Mom to borrow an Apple ][ from her school so that I could type that damn thing in, and never could get it to work. I was so bitter. In the next issue they printed the errata...

      --
      Information wants to be $1.98/lb.
    2. Re:Like in the good old days... by vadim_t · · Score: 1

      OCR. Eventually I suppose somebody will just put a copy of the source online if typing it is so much effort. Then, why type it? If you want to study how it works then paper should be good enough, if you're evil and want to infect somebody then I imagine that finding the binary version isn't too hard.

    3. Re:Like in the good old days... by Rick.C · · Score: 1
      if you're evil and want to infect somebody then I imagine that finding the binary version isn't too hard.

      Yeah, just install a trial copy of SQL-2000, enable port 1434 through your firewall, and the binary version will find you.

      --
      You were 80% angel, 10% demon. The rest was hard to explain. - Over The Rhine
      "Math in a song is good."-Linford
    4. Re:Like in the good old days... by Anonymous Coward · · Score: 0

      I used to hate the BASIC game listings for the C64 and other 8-bit's:

      10 a = 5000
      20 read b
      30 if b<>-1 then poke a, b
      40 a=a+1
      50 if b=-1 then sys 5000
      60 goto 20
      100 DATA 3,56,76,34,3,76,7,7,8,4,2,6,7,4,3,7,5
      110 DATA 5,65,7,3,7,7,3,78,89,8,5,3,2,76,8,4,2
      :
      :
      :
      50 000 DATA -1

      Gee! Thanks for giving me the source code, ya fucking pricks.

  23. No, It's a clever ploy... by Anonymous Coward · · Score: 2, Funny

    see, when the virus writer sues Wired under the DMCA or whatever, then the feebs know who to arrest!

  24. It's A Good Idea by defishguy · · Score: 2, Funny

    As a reminder to all readers of Wired (READ-UNSKILLED IT MANAGEMENT AND AMATEURS) that such a small amount of code can do the following... 1. Disrupt ATMs and Banks 2. Take down servers (humorously unpatched) of the company that created the DB software to begin with 3. Disrupt web communications world wide 4. Cause huge shifts in resources at AV companies 5. Probably more. It is a good good thing. I'm not a coder... I get lost in my own batch file spaghetti as it is! I'm still impressed by the effectiveness of the worm. With MS having such a dearth of companies willing to compete against it, black-hat folks seem to have filled the role that companies like BE couldn't. Keeping MS on its toes, and making sure that quality as a whole improves (okay... so there isn't much evidence of that last one, but I'm still hopeful!)

  25. I am waiting for by mental_telepathy · · Score: 2, Funny

    "Worms, Virii, and Trojans" cookbook from Betty Crocker.

    1. Re:I am waiting for by 3.5+stripes · · Score: 2, Funny

      Viruses.

      Betty Crocker always used correct english.

      --


      He tried to kill me with a forklift!
    2. Re:I am waiting for by Heartz · · Score: 0

      Dude ... it viruses NOT Virii !

  26. Legal Issue? by nurb432 · · Score: 4, Interesting

    Isn't publishing things like this now considered illegal under the Patriot act ( and related laws )?

    The 'reverse-engineer' issue aside, ( from the DMCA ) this would be considered a product for cyber terrorism, and last I heard we can't discuss details on anything related to terrorism.. be it cyber or 'real' ( such as bomb making )

    Not that I agree that information or knowledge should be squelched just because the people in power don't approve, ( remember the 1st amendment still exists, for now ) but Wired might be opening themselves up for a legal battle they CAN'T win..

    --
    ---- Booth was a patriot ----
  27. from the author by Paul+Boutin · · Score: 5, Interesting
    What Juan Carlos probably meant was: Why is it supposedly controversial to publish something that's already all over the Net? I wrote the story, and I would agree with him. Yes, I've explained how Slammer works in a way non-programmers can hopefully understand. Just as important, we have new data that show how fast it really spread. Is that going to turn teenagers into evil crackers, or is it going to get the kind of people who read Wired - executives, Congress, other journalists - to look at network security more seriously? We think the latter, and we also think it's just a good story that hasn't been told from this angle before.

    I plead guilty to the "wannabe" charge, though. Those who can, do. Those who can't, write magazine articles.

    --
    Paul Boutin | writer for Slate, Wired, etc
  28. Follow the money by mobileskimo · · Score: 5, Interesting

    Wired is obviously publishing this to sell magazines. That's what they do. Did you think they needed any other ulterior motive? The question is who is their audience?

    This benefits none of the hackers. Those that are savvy enough to make use of the code, have no need for the code being published in the magazine. They've already seen it, they may have even toyed with it, might have done so back in January. More than likely, they may read it at their magshop or borrow it from someone for amusement purposes. Perhaps they may purchase it. Certainly the creator of the worm will. Clipped and saved in some album.

    This benefits none of the lay technology folks, the larger band of their customers. They don't have enough background on assembly and how it works, and they haven't the tools. The motivation is there though. If they could get it to work, they could call their friends up and brag about how much a hacker s/he is.

    Completely lay person as someone pointed out will look at it like hieroglyphics. Raise an eyebrow and move on.

    Corporations in the industry. Here's a mixed bag. Raising awareness and de-mystifying can work in both ways. AV companies may benefit, they may not. Raising awareness may result in more sales of AV products by confirming in the public's eye that such things do exist, and with higher frequency, with more substantial impacts. It may lower the sales if the information is provided in a certain manner (for example, you don't run SQL, therefore you don't need AV for this).

    IMHO, I think it will increase business in the industry as a whole. That's what advertising is all about, isn't it? Raising awareness for products? I mean, how could you know you needed a spring-loaded-nose-picker, if you didn't see the commercial warning you about the possible dangers of snot-clog-respiratory syndrome?

    --
    "Last one in is a rotten goblin!" - Kepp
  29. Besides the well known undocumented feature..... by botzi · · Score: 1

    ...that IE is also interpreting ( or compiling on the fly + executing, I don't know the technical details;oP) this famous programming language....
    Of course, if you browse a little the sources you'll see that those are the *only* text files which IE renders without any bugs....;o)))))

    --
    1. No sig. 2. ???? 3. Profit!!!
  30. Slam( ) by vurg · · Score: 1

    static void Main() { if (MSSqlSrv.ver 7) { MSSqlSrv.Slam(); } }

    1. Re:Slam( ) by Anonymous Coward · · Score: 0

      Error: No main() found
      Warning: main() should return int

  31. Here is the SOURCE by Anonymous Coward · · Score: 0

    @echo off
    echo Using MS OS and SQL/MSDE software
    :exit

  32. Re:Bring down the internet without complicated wor by HoldenCaulfield · · Score: 1

    but you could still use IP Over Carrier Pigeon . . .

  33. no worries by poot_rootbeer · · Score: 1

    Being that this is Wired we're talking about, the assembly code will probably be printed in magenta text on an orange background. No EVILE HAX0RS will be able to learn how to 0WNZ0R from it.

  34. Sophos aren't happy... Wired must be chuffed! by 'No+nickname'+Ian · · Score: 1

    Shock! Horror! Whadda ya know - this hasn't gone down too well with Graham Cluley at Sophos: http://www.sophos.com/virusinfo/articles/wired.html Naturally Sophos are warning that this is likely to give rise to an increase in virus writing activity... He's probably got a point - but I can't help thinking he's playing into the hands of Wired here who are just after some free publicity. In the same way as we witnessed with the Calgary University debate last week and the week before. These people are becoming infamous on the back of some headline grabbing 'virus scares'.

  35. Re:Heeeeellllllo Slashbots by Anonymous Coward · · Score: 0


    please in-form me good sire.

    Sire: The male parent of an animal, especially a domesticated mammal such as a horse.

  36. Print lag time by redtail1 · · Score: 1
    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread.

    Well, the earliest they could get a discussion into the print magazine would have been March or April. Maybe they wanted to see how everything played out before writing an in-depth article about it.

  37. Slammer Disassembled by Anonymous Coward · · Score: 0

    http://www.nextgenss.com/advisories/mssql-udp.txt , http://www.eeye.com/html/Research/Flash/sapphire.txt

  38. Wired is yellow media by mnemonic_ · · Score: 1

    Wired does not care whether its subjects interest or are helpful to network security admins, or any computer professionals for that matter. Such people no longer make up any part of Wired's audience. Wired is now a trendy, sensationalist "geek" magazine that caters to hacker wannabes and dotcom tag-alongs, nothing more.

    Publishing the months old source code to the Slammer worm is the perfect way to appeal to them.

  39. Remember CyberPatrol hack article & its withdr by leoaugust · · Score: 1

    It brings to my mind the hack that was done on CyberPatrol, a censorware or dumb internet filter, and the two guys then published a description of how they did it.

    I can still clearly remember the night that I read it, and though I couldn't follow some of the technical details, it was more fascinating to me than "How-Done-It"s of Agatha Christie. This is what the Wired article is probably designed to achieve.

    In case of CyberPatrol hack unfortunately, the guys got sued by CyberPatrol, cowed down (maybe not), and settled out of court. More details are here: "Cyber Patrol Break FAQ", i.e. http://ansuz.sooke.bc.ca/cpbfaq.html Similarly Tech Industry sued the DeCSS author. But, Wired probably will be ok because suing Wired will probably be pretty low on the Slammer Writer's priorities.

    --
    To see a world in a grain of sand, and then to step back and see the beach where the sand lies ...
  40. An old Mac, Donald had a farm by Anonymous Coward · · Score: 0

    eEye eEye, oh!

  41. True Issue by Anonymous Coward · · Score: 0

    The Slammer virus does not have a distribution license: free software.

    The GPL isn't free software so to speak, but it is free as in beer.

    Oh, a wise guy aiye? Well, if GPL is so free...can you modify a GPL'd software and distribute it without liability of explicitly giving credit to the GPL'd software's owner?

    Ah-ha! So, Slammer is truly the free software! Look at Wired modify it and molest it beyond credibility, because of no license there is no owner thus it may be patented by Wired or NSA as their property! Aiye? I know you people agree with me on this! You don't see SCO toting the Linux sourcecode saying what property is theirs, because they are at COMMERCIAL liability at the true owner of the particular section of code they are secretly slandering: Linus Torvalds, and the many others that contributed the lawful code!

    SCO, prepare to meet your maker!

  42. That's sad by Anonymous Coward · · Score: 0

    What a shitty bunch of programmers. If none of them have any understanding of the lower layers of computation, I wonder what else is lacking in their educations?

  43. Would-be script kiddies by Anonymous Coward · · Score: 0

    Will want to pool their nickels and dimes and go buy an issue, and try and key-punch the entire thing into their parent's Walmart emachine boxen. Remember, all teenagers and twenty-somethings want to do something to achieve notoriety, and the easier, the better. Someone else got this worm/virus working, and they can copy it, and then run off to wherever they currently boast and brag at, and present their "work" for all to marvel at. Little do they know, the other assholes "know" they have "something up their sleeve", and won't come near them for say, 100 years?
    So, they have to "throw it in their face", with an appropriate Benito Mussolini bombast, to prove, once and for all, that they can write worms and viruses better than anyone else in the room.
    That, my friends, is what drives virus writers in the first place, and why we will always have such crap to deal with. They say, Garbage-in, Garbage-out. I say For-Garbage By-Garbage. Microsoft's recent challenge to spammers is just a precursor of government regulation of everything we do with and for computers and the internet. Could be that Microsoft's biggest, most $$ contract with the government to "cure spam" is going to include security, virus and worm elimination too. All in our future, because of the kind of people we are.

  44. Maybe the PHB's will Read It by queenb**ch · · Score: 1

    You know if it gets published in Wired or Red Herring, management will read it and begin to understand why we techies get so worked up over this stuff.

    2 cents,

    Queen B

    --
    HDGary secures my bank :/
  45. I just read it by D3 · · Score: 1

    I have a subscription and it just got to my house today. The article has the code, no big deal since it is available. If you really want it just fire up an unpatched Windows SQL server and wait a few minutes.

    The article does a great job of explaining the worm and defining the impact it had. They also give the standard gloom and doom that we are just waiting for the 'next big one' to hit.

    --
    Do really dense people warp space more than others?
  46. Wired article online by gohai · · Score: 1

    here

    mod up please!

  47. They did it. by forged · · Score: 1