Again, I am not proposing a worm. Simply a cleaner that would neuter the worm that connected. What I am proposing would _ONLY_ provide software that, if the connecting client chose to execute it, would neuter the worm on the connecting client that executed it. Nothing that would worm to other computers from there. That's high risk. Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS blacklist based on such connections to a honeypot. Any system which made the correct request could then have it's address published via BGP or DNS for ISPs and the like to do as they wish. Again, I don't propose or advocate actively tampering with other peoples systems. However, if someone comes to my website and asks for executable code, then executes it, I do not feel that it is my responsibility to provide them code which will not alter the contents of their system. I also don't feel it is my responsibility to determine if their request came from a human authorized to use the computer or a worm. Owen --On Friday, August 22, 2003 4:54 PM -0700 Doug Barton <DougB@dougbarton.net> wrote:
On Fri, 22 Aug 2003, Owen DeLong wrote:
Sure, it won't happen in 30 minutes, but, I don't understand why this wasn't started when F-Secure first noticed the situation.
I seriously doubt that most (any?) ISP would be willing to accept the legal liability for altering anything on the computer of a third party that just happened to connect to an IP in a netblock they are responsible for. White worms are an elegant engineering concept, but have little practical value (and huge risk) outside of networks that you control directly.
Doug
-- "You're walkin' the wire, pain and desire. Looking for love in between."
- The Eagles, "Victim of Love"