Subject: Re: Code-red worm (snicker snicker :-) )
To: None <netbsd-users@netbsd.org>
From: Todd Gruhn's account <tgruhn2@mail.com>
List: netbsd-users
Date: 08/02/2001 21:14:32
The reason I brought this up is because I thought someone ought to -- we all hold
Micro-(mumble) in contempt. As to the Morris Internet worm, the reason it hit
all those machines, is they all ran BSD, and they all ran sendmail in wizard
(or was it debug mode). Either way, that is a big no-no. The goal of the Morris
worm was to replicate itself and walk across the country; Mr. Morris would collect
the worm and say "See how wide open ya-all are to such an attack; you should
make me famous". Mr. Morris failed to beta test his worm. When it hit machines,
it replicated too fast, and swamped the CPU.

The original use of worms was not even vicious -- they were used as a way to harness
unused CPUs to do complex probs like factoring large numbers.

To quote Ches and Bellovin "Why such a complicated program is allowed to run as
root is beyond me..."
OK. Why is the IIS allowed to run as root? And then again Micro-(mumble) does
things differently. Maybe this makes a statement about the Micro-(mumble) way?
BTW: Just how does code-red infect an NT system?

-- 
Indeed in nothing is the power of the Dark Lord more clearly shown than in the
estrangement that divides all those who still oppose him. --Lord of the Rings