The 'Security Digest' Archives (TM)


ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #059 [Re: Disassembled virus?] (1 message, 850 bytes)


From: bostic@okeeffe.Berkeley.EDU (Keith Bostic)
To: phage
Date: Sat 18:37:20 05/11/1988 EST
Subject: Re: Disassembled virus?

> I agree with Doug Comer. Was there *really* anything in there that was
> terribly sophisticated?

No, but you're missing the point.  While not terribly sophisticated,
it's not something a first year programming student could do without
some *serious* effort.  You want me to post source that would allow
any moron to hear about a bug, replace a few routines, and start the
whole mess over again.  Let's at least make it as hard as possible,

> Let's face it, 99.9% of the virus was the hole in sendmail, he (or
> anyone else) could have done *anything* with that, "rm -rf /" after
> re-propagating wouldn't take much genius although more nefarious
> things are possible.

Not true; the sendmail bug gives you daemon, not root.  And daemon
is not the hole that people seem to think it is, although it's not
my idea of a good time.

Incidentally, most systems here were attacked through fingerd, not

> I say publish it for the curious though I would agree to wait until
> more discussion occurs, there's certainly no rush.

I don't see publication as the end of the world, but it's clearly
not a good idea.