Jeff Workman wrote:
--On Sunday, April 11, 2004 2:45 PM -0400 Joe Maimon <jmaimon@ttec.com> wrote:
Therefore the "good" people should beat the bad people to the punch and write the worm first. Make it render the vulnerable system invulnerable or if neccessary crash it/disable the port etc..... so that the "lazy" administrators fix it quick without losing their hard drive contents or taking out the neighborhood.
Such "corrective" behavior as suggested by you might also be implemented in such a "proactive" worm.
How many fewer zombies would there be if this was happening?
As I understand it, Netsky is supposed to be such a worm. Doesn't seem to make much of a difference, does it?
I thought that Nachi/Welchia was supposed to be such a worm as well, and it ended up doing more harm than good.
One could argue that those were implementation issues, probably performed by people who did not know what they were doing.
-J
-- Jeff Workman | jworkman@pimpworks.org | http://www.pimpworks.org