Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Santy Worm Patches phpBB Flaw

Posted by michael on from the whether-you-like-it-or-not dept.

sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.

16 of 245 comments (clear)

  1. White Worms by ErichTheWebGuy · · Score: 3, Interesting

    I feel that white worms, when done correctly, are a good thing. This is a case where the ends justify the means, even if it does mean comprimising vulnerable systems.

    --
    bash: rtfm: command not found
    1. Re:White Worms by savagedome · · Score: 2, Interesting

      White worms? Ha! I prefer to call them Earthworms since they belong to both sides!

      --


      Free XBox, PS2
    2. Re:White Worms by GoofyBoy · · Score: 4, Interesting

      From the article;

      "If a site is infected, the worm causes a huge amount of traffic and slows down the site. I don't think it's possible to write a beneficial worm."

      --
      The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
    3. Re:White Worms by lukewarmfusion · · Score: 1, Interesting

      If it comes into my system without my permission, it's a bad thing. I don't care if it's coming with good intentions or not, any kind of unauthorized access is unacceptable.

      As others have pointed out, patching isn't always something you should do right away. In any enterprise system, you should be testing the patches and updates before you deploy them to your users. For instance, many of us wait to see if Service Pack 2 is stable before installing it. I haven't put it on my own machine yet (partly for fear of instability and partly out of laziness). If a worm came around that forced users to upgrade to SP2 right after it was released, that could be a very bad thing.

    4. Re:White Worms by spectre_240sx · · Score: 2, Interesting

      You raise an interesting point. Maybe these white knight worms should be looked at in the perspective of systems being patched to slow down the worms progress and protect the rest of the internet rather than systems being patched to protect the administrator of that specific system. If an administrator becomes lazy and that causes grief to other admins, maybe this is deserved. It seems a lot like an ISP disconnecting a user for having a virus on there system, however a little more invasive.

  2. Satisfaction Guarantee? by someonewhois · · Score: 2, Interesting

    Is there a satisfaction guarantee with the virus?

    Wasn't there a Welcha worm that cleaned up Blaster, and once the path was clear, it just gave you another virus? :p

  3. A bit uneasy... by BlueThunderArmy · · Score: 2, Interesting

    this does sound a bit sneaky and intrusive, but if it's breaking into computers and doing good deeds perhaps we should just let it. After all, people sure as hell aren't doing security updates on their own, might as well let somebody do them.

  4. Re:Not very benificial by lightdarkness · · Score: 1, Interesting

    MSN's index updates quicker.

    Google wouldn't show as many results. I am a google junkie, but MSN previals in this aspect.

  5. Anti-IE worm... by Vague+but+True · · Score: 5, Interesting

    How long before someone makes an "Anti-IE" worm that automaticaly installs FF on everyone's computers.

    --

    I'm not a doctor, but I play one in bed.

  6. No such thing as a white worm by genessy · · Score: 5, Interesting

    Even if the worm patched the site without defacing it yet again, it's still going to bog down networks by replicating. Perhaps a better alternative would be to send a simple e-mail to vulnerable sites and allow them to make the decision to patch or upgrade to the newest version.

  7. Conundrum by jabber01 · · Score: 2, Interesting

    White worms are a nice theory, but I think they should be fought just as vehemently by anti-virus software as malicious ones.

    Holes they use should never be left unpatched, even if the worm's patches are not applied.

    Consider: If there was a benign strain of HIV out there that immunized you to Herpes upon infection, would you give up condoms?

    --

    The REAL jabber has the user id: 13196
    What you do today will cost you a day of your life

  8. Survival of the fittest by melvo · · Score: 4, Interesting

    The "success" of viruses and worms so far have been characterised by their ability to reproduce. This bears some resemblance to their genetic counterparts.

    Perhaps the next phase will be a virus or worm that follows genetic theory. The genetic features that would have to be modelled would be:

    1) it is considered beneficial
    2) it can reproduce
    3) it can mutate

    The successful entities would then survive, and the unsucessful mutations would die out. Survival of the fittest?

  9. which brings up another question... by zogger · · Score: 4, Interesting

    ... well, to me anyway because I just don't know. There are a lot of distros out there, including all the various "live" versions, and various ways to install. I am wondering, is there such a beast as a no brainer, one click to install Linux distro that works over the internet and would seamlessly replace a users windows install with a working and safe while downloading and installing linux distro? I mean, a windows user (or another linux user, whatever) clicks on a webpage link and off she goes? With broadband now, it's common to downloand an ISO and burn it, I was just wondering if there was a distro that was designed from the ground up to eliminate that intermediary step. Say someone had finally just had it with windows problems, just said to heck with it, just replace this whole mess with something else, etc. Click, download, install, as easy as a normal app? I know there are "network" installs, but those are usually targeted at corporations where a lot of PCs are on the LAN, etc, I mean one for joe raw beginner newbie home user surfer.

  10. Creeper and Reaper by tepples · · Score: 2, Interesting

    In the 1970s, Creeper was the first Internet worm, which spread among computers running the Tenex OS. Reaper, the second Internet worm, was sent to destroy copies of Creeper.

  11. Patching not posible... or not always... by nereid666 · · Score: 2, Interesting

    If the administrator is not absolutely dumb, the .php file must be not owned by the same user that runs the webserver. Then teh worm can not patch the file with the vulnerability.
    I wish to know more details about how the Anti-Santy patch is done. Any URL?
    A self-spreading worm it is always dangerous, another aproach, doubthly legal byut more polite is the strike back philosophy. If someone attacks you then strike back and patch them (and install other strike back worm). With this technic the infection could be reduced without increase the bandwith for all the internet.

    --
    Damia
  12. Good Worms Bad Worms. When can we QOS these things by human+bean · · Score: 3, Interesting

    If you cannot stop people from doing dumb things and running systems that are open to this sort of abuse, then at least they could be nice enough to not bother the rest of us.

    I need a router/switch/filter that recognises worm/virus traffic for what it is and sets QOS down (or out) on such traffic. Better yet, I want my internet provider to have one. So the neighbor next door's got twelve sessions of Butt Trumpet running on his PC and more broadband in Mbps than he has brain cells to rub together, doesn't mean the pipes I use outta here need to be effected.

    Niceties would be an ability to recognise interactive traffic and flag it for regular service. Not an original idea, by the by, was first mentioned in sf by John Brunner some years back.

    Another project I will never get round to.

    This is the end of the rant. We now return you to your regularly scheduled /. programming. Had this been of actual importance, you would have been instructed where to browse for further news and information. This is only a rant.

    --

    *whup* "Get along, little electrons. Heeyah!"