White hat virus???

wbg34

A new virus is making the rounds using the RPC Dcom Vuln. Except this one infects the PC, terminates Lovesan if it is present, then it attempts to patch the system against the RPC Dcom Vuln. If it is successful, then it reboots the PC to enable the patch. It deletes itself in January.


Is this kind of virus ethical?
 
I've seen similar things in the Linux world. It's a very bad idea.

First, it's unethical for anyone to make changes to my systems without my approval. By definition there can be no such thing as white-hat hacking without having first gotten my permission.

Second, there are 3 or 4 variants of MSBlaster out there. It will be no time at all for hostile variants of this new thing to show up.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
superb! happy for it to run on my PC :)
(alas, the Microsoft patch has beaten it to the punch)

ethics-wise, the only problem I can see is the lack of informed consent. I'd prefer a popup message - at least to say "Vulnerability xxx has been discovered on this system. Would you like this repaired?" except then you have the problem of users saying no because they mistrust the message; perhaps "Vulnerability xxx has now been patched. see c:\update\readme.txt for more information".

<marc> i wonder what will happen if i press this...
  • please give feedback on what works / what doesn't
  • need some help? how to get a better answer: faq581-3339
 
It's a bad idea. As was mentioned by sleipnir214, it's only a matter of time before someone releases a disguised version of this that actually does more harm.

Not to mention the hostile responses that are more than likely to crop up from someone digging into something like this.

Would a simple popup that said "you are infected with MSBlaster, please fix your PC!" be any better? I don't know. It might work for some people, but other people take this sort of warning as a personal insult.

In the oft-used automobile analogy, I've been behind people whose brake lights do not work. In the instances where I've had a chance to mention this to them, the responses have varied from "Thank you" all the way to "There's nothing wrong with my car!" and "Who are you? Leave me alone or I'll call the police!".

Robert
 
"Ethical Hacking" is an oxymoron. Period.


Jeff
If your mind is too open your brains will fall out...
 
Without commenting on the ethics of it... the two comments about a variant of it showing up are technologically not feasible. This virus is a variant of MSBlaster, and it closes the hole it uses to infect. So, a variation of it would only be able to get to systems which it hasn't already gotten to, and more to the point, would simply be variations of MSBlaster, so this virus writer didn't provide anyone with a new base.

As far as the ethics of it... I'm torn, I mean I'm not a big fan of people accessing without permission... but then again with an exploit like this one, that's so widely publicized and so easy to fix... and causes harm mostly to other computers (not the infected computer)... if you're leaving a machine exposed and out on the internet with MSBlaster, you're either malicious, incredibly uninformed, incapable of fixing it yourself.... so while I wouldn't necessarily support the writer, there's no way I'd hold'm responsible for it either.

-Rob
 
The new worm does present new functionality to our hypothetical worm-writer. MSBlaster downloaded code by TFTP. This new one must download code by HTTP. Nothing new, except for the combination of functionality with the original RPC hack.



If I walk out of a bathroom with my fly undone, a stranger can bring it to my attention. That stranger cannot just reach over and zip it up for me without my permission.

Of course, the best outcome would be that I or the bathroom attendant notice it before I ever left the bathroom. But the fact that my fly's unfortunate state went unnoticed until I left the restroom does not give anyone the right to lay hands on my person.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
As far as I'm concerned any unauthorized access to a computer is not ethical. But, a part of me is still cheering for the writer.
 
it's still a worm... still causes much network traffic and stress on an already overcapacity system....
 
Friendly uses of viruses are hardly new - I remember a suggested compression virus for DOS (compressed any uninfected exe files and added itself to run to decompress and propagate).

Sub-question:
Is it OK to use a "friendly virus" internally within your own company/home/wherever?

Within your own company, you have the right to decide what is appropriate, but can you be sure your friendly virus won't get outside, where people are no longer giving their informed consent? Are you providing a basis for more malicious things?
 
I think it sets a bad precedent.

What if someone decides that everyone on the planet should have a picture of their irresistibly cute child as their desktop?

Chip H.


If you want to get the best response to a question, please check out FAQ222-2244 first
 
Can you imagine what would happen to a network that this worm got loose in? Imagine hundreds if not thousands of computers in one location all trying to download the patch from Microsoft at the same time. It would bring the network to its knees. If all those people did succeed though, you would just be launching the attack on Microsoft that the original author intended. Either way this is not the way to fix the problem. People have to learn that getting infected with a virus through their own stupidity isn't acceptable.
 
Or suppose you had a 100,000-machine network with a significant percentage worm-infected. Then suppose that all those worms on all those machines were casting about looking for other machines to infect and causing so much network traffic that the network could not be used?


Want the best answers? Ask the best questions: TANSTAAFL!!
 
hunterpredd,

Please consider using the free Microsoft SUS server in your circumstance. It is irresponsible to have hundreds if not thousands of workstations trying to reach Windows Update from a single site. This is a poorly configured site.

 
sleipnir214,

They block port 135, again. This port was blocked by many ISPs after Code Red. Many have as of late last week begun blocking it again.

 
I have very strong emotions about this well-intentioned-but-poorly-executed virus. Although the algorithm that the originator used is pretty good, their execution is flawed. This anti-virus attempts to spread itself, and so has become a virus in its own right.

I work for a small company, and my primary job is programming, but when the fecal matter hits the spinning blades, I also help out in IT.

When a single laptop that had been infected connected to our network here, the router (we only have 1) almost instantly shut down because of overload of each of the computers trying to propagate this thing. This had the side-effect of disabling our internet access. Have you ever tried to get anti-virus information or code into your office without using an internet connection?

Fortunately, a friend of mine had some things on a CD that he brought to me to bail us out. I ended up losing about a day's worth of programming time due to this thing. When I'm already working most nights and weekends, I don't have that kind of time to spare.

The general concept was well-intentioned, but we all make coding mistakes and somebody else's mistake caused me to lose my recreation time. I'm guessing that it was written by a young programmer. Talented and idealistic enough to attempt this, but not yet wise enough to realize what a truly bad idea it was.
 