On Sat, Jan 25, 2003 at 11:40:48AM -1000, Jason Coombs wrote:
> As of now we don't know who wrote the worm, but we do know that it looks
> like a concept worm with no malicious payload.

The payload may not have been malicious to the host, but this does
not imply a lack of malice. It certainly caused, and is causeing
a large ammount of grief in the network sense.

Given the steps taken to randomise the target IP address, it is
highly likely that this worm was targetted at networks, not hosts.

> There is a good argument to be made in favor of such worms.

I'm afraid that your argument doesnt hold up to scrutiny. There is no
logical reason why the rest of the non MS-SQL using world being
affected by an MS-SQL bug (and an inadequecy on the part of MS-SQL
admins) should be a good thing.

If the worm had a malicious (in your terms) payload, it would have
caused networks just as many problems (so no gain there), and more harm
to MS-SQL users. Using your logic, surely this much more damaging
experience would have cause MS-SQL admins to be more responsible in
keeping up to date ? Or rather, more fearful of future exploits.

As it is, MS-SQL admins may feel that since this bug did not affect
them in any serious way (if you can follow that certain line of
thought), they may assume the same thing about future exploits.

When viewed from that perspective, this exploit is as malicious as
possible to general internet infrastructure. Benign to the people who
can do something about it, malicious to those who cannot.

--
colmmacc at redbrick.dcu.ie

[ reply ]