Another version of the Blaster worm (on: Blaster Writer Caught)
And the article is not kidding about variants of the Blaster worm. Two weeks ago we saw heavy destination traffic on port 4444 to random boxen on the internet. It turns out one of my client's Linux boxen had been cracked into and a dropper that works just like the Blaster virus started hitting hundreds of outside servers. We tested it in a clean lab and it would infect but not install the worm properly. It was nice that he left source code and all. Makes me wonder just how many variants are still out there?
Here's some of the source, might look familiar to some of you..... Hope the right person sees this.
/*
**
** 2003/07/27 - DCOM RPC WIN32 remote exploit (Most languages)
**
** FlashSky/Benjurry and, H D Moore's code is very excellent.
** It works well even if change only return address.
** I didn't feel necessity for new make.
**
** Thankful to them.
**
** 2003/07/30 - Update, Added magic return address.
**
** kokanin supplied very excellent information:
** URL: http://lists.netsys.com/pipermail/full-disclosure/2003-July/012000.html
**
** * As well as Korean thanks to, a lot of systems can exploit.
**
** --
** Thank you.
**
** P.S: Sorry, for my poor English.
**
** --
** exploit by "you dong-hun"(Xpl017Elz),
** My World: http://x82.i21c.net & http://x82.inetcop.org
*/
Changing the name might not be so hard, as per this document:
The successor to Windows XP (due in 2004, and rapidly slipping to 2005) is currently code named Longhorn, and it will not be compatible with your existing software, hardware or methods. Microsoft has already stated that backward compatibility will not be a design feature.
Some expect the name Windows will be dropped completely. The antitrust agreement with the Bush DoJ specifically states "Microsoft Windows" throughout. By maintaining incompatibility (already planned due to design considerations), making it look different and calling it something else, Microsoft can free itself from antitrust oversight. "It's not Windows, it's a different product - the agreement doesn't apply."
[bolding is mine]
pulled from http://www.aaxnet.com/editor/edit029.html#longhorn
I work at a company that is a retail shop and an IBM Premier business partner. All we do is service, support, install, and maintain 4690/SA/GSA/ACE/CDSA (IBM retail OS and applications). The POS app already exists and I am willing to guess that IBM will use 4690 GSA (general sales app) and JavaPOS or OPOS on Linux. JavaPOS/OPOS runs on the terminal (client) side and 4690 runs on the controller (server) side. JavaPOS/OPOS is an API that allows a developer to control the devices on the terminal. I've set up a terminal and played with Linux and JavaPOS, but suffice to say it's nowhere near completion. We've tried for over five years to write our own POS application, but since we have so many former IBMers in our upper ranks, they keep killing it. 4690 and its apps are the most stable software you'll find on the market. But those license fees will kill you!
From reading the article it only seems like unsolicited financial email will be considered, not the tons of stupid junk I get like "enhance this body part" or buy a college degree (I worked hard for mine, thank you.:)
It would interest me to know how far IBM will go to embrace Linux in the many solutions IBM provides, especially proprietary solutions.
Sure, there are (or will be) solutions for servers, clients, and personal PCs, but will Linux support spill over into solutions such as Point of Sale? Would the porting of (proprietary) IBM software, such as SuperMarket Application or Chain Drug Sales Application, to Linux be considered?
.. the hobbits won.
I just happen to think of another article I read on /. earlier...
M$ Corporate Meeting:
"Well, BIND wins again."
BG:
"What? Do you think I'm stupid?"
It goes without saying, almost...
"I'm sorry, your luggage is on another flight!"
#include
#include
#include
#include
#include
#include
u_char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,
0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,
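A defender-side check matching what the comment above describes, added here as an example (it is not code from the original post or from the worm source): it reads flow records and flags sources reaching many distinct destinations on tcp/4444. The log lines, IP addresses and threshold are constructed for the example.

```python
"""Flag hosts fanning out to many distinct destinations on TCP/4444.

Added example, not from the original post: the commenter saw a cracked Linux
box hammering hundreds of outside servers on port 4444; this mirrors that
observation as a simple flow-log check. All flow lines below are constructed.
"""
from collections import defaultdict

# Constructed sample flow records, one per line: "src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
10.0.0.5 198.51.100.7 4444
10.0.0.5 203.0.113.9 4444
10.0.0.5 192.0.2.33 4444
10.0.0.5 198.51.100.77 4444
10.0.0.5 203.0.113.10 80
10.0.0.8 198.51.100.7 443
10.0.0.8 203.0.113.9 443
10.0.0.9 192.0.2.34 4444
"""

SUSPECT_PORT = 4444  # the port the dropper in the post was hitting


def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2])


def fanout_by_source(flows, port=SUSPECT_PORT):
    """Map each source IP to the set of distinct destinations it reached on `port`."""
    fanout = defaultdict(set)
    for src, dst, dport in flows:
        if dport == port:
            fanout[src].add(dst)
    return fanout


def flag_scanners(text, threshold=3, port=SUSPECT_PORT):
    """Return sorted source IPs whose distinct-destination count on `port` meets
    `threshold`. The threshold is an assumed tuning value; baseline it per network."""
    fanout = fanout_by_source(parse_flows(text), port)
    return sorted(src for src, dsts in fanout.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    for host in flag_scanners(SAMPLE_FLOWS):
        print(f"{host}: high fan-out on tcp/{SUSPECT_PORT}")
```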
I don't use my connection solely for web access; I've got lots of 0wn3d boxes to admin...
I wonder how well it will work for ftp too?
Doesn't look like a solution for the 56Ker unless you are web only.
Got a laugh outta this line in their FAQ:
"I use Netscape exclusively as my web browser; do I still need to install Internet Explorer?
Yes, but only if your system has an older version of Internet Explorer installed. Since Internet Explorer is a core component of Windows, many features of the Logitech io Software are dependent on the program. However, installing Internet Explorer does not mean you must use it as your browser; you can still use Netscape as your default Internet browser."
mod Informative :-)