Robert L. Harris wrote:

> 2 thoughts.

If you want to call them that, okay. Sorry, I'm getting mildly annoyed by the conversation at this point. We seem to be dividing into two groups: those with a clue, and those who neither have one nor seem able to catch one when it floats by. By now, I think anyone who previously lacked a clue but was capable of acquiring one has done so.

> 1) Write a script that instead of shutting down the system
> applies a hot-fix or shuts the worm off, maybe a cron type, at job that
> removes the files the worm puts in place and then emails the admin
> with a "hey your box is hacked, fix it"...

How many messages have we had today proposing this or pointing out that legally this is the same as the original worm? Unauthorized access is unauthorized access.

And what's all this nonsense about mailing the admin or setting up a cron job? Are you by chance thinking that Code Red runs on Unix? The average Windows 2000 machine doesn't run a mail transport, especially not the home cable/DSL systems that seem to be the biggest problem at this point. You can complain to their ISP if you like. I think that's already being done by various people.

> 2) My understanding is that this was made by some Chinese hacker
> ticked off about that spy plane garbage and is DDOS'ing
> whitehouse.gov. Being that we don't seem to be getting much help
> shutting this down since v2 is now out, let's change DNS for a week
> and point Whitehouse.gov to china.gov or some such mess.

You not only haven't been reading this list very carefully, you also haven't been reading the news. The attack on www.whitehouse.gov is by a hard-coded (and now obsolete) IP address, not by DNS name. There is also no proof at all that Code Red is of Chinese origin; the only indication of that is the "Hacked by Chinese!" web page that hacked servers display for a few hours after their initial infection. I don't know about you, but if I were going to write something like Code Red, I would include something like this as pure misdirection, to reduce the chance of getting caught.

Craig