Re: [Full-Disclosure] DCOM/RPC story (Analogy)

["Kristian Hermansen" <khermansen@xxxxxxxxxxxxxxxxx>]

Message<<< guess this will make worm writers a little more scared and they will 
start to watch their steps a little more carefully now and not have the damn 
drones contact their own website which is registered to their name.

-SF >>>

The thing is, this kid shouldn't be taking the blame for ALL infections.  And 
like I stated in my previous post as predicted...John Q. Public thinks that the 
FBI caught the original virus writer, which all of us smart techie people (not 
me included) know is absolutely false.  The prosecution may only be charging 
him with 7000 infections, but the general public (whom don't know what the hell 
even javascript is) are now mistakenly (due to their own stupidity and the need 
to create conversation at the "water cooler") accusing him of ALL infections.  
Remember this one thing boys and girls: The general public are a bunch of 
cattle and corporations/mass media/governments are going to move them in any 
way they want for their own interests, without any questions being asked.  The 
cattle don't know their purpose in the first place, and as long as you don't 
really whip them very hard, they will keep on moving in the direction you are 
leading them.  They have successfully herded the cattle....

Kris Hermansen

  ----- Original Message ----- 
  From: Steven Fruchter 
  To: full-disclosure@xxxxxxxxxxxxxxxx 
  Sent: Sunday, August 31, 2003 3:19 PM
  Subject: RE: [Full-Disclosure] DCOM/RPC story (Analogy)


  That is completely moronic to act as if he did not do anything but just hex 
edit the code and change the name for example on the .exe .  He also like a 
moron had the infected drones contact his website (which he is registered to) 
so that he can see who has been infected to control them.  This means that he 
had more than just wanting to change the name of an .exe for example, it shows 
his intent.  Yes you are right about the 7,000 being exploited anyways, and yes 
this kid definitely should not get such harsh treatment, but the sad fact is, 
he probably will get all of punishment from what someone else did, he is just a 
lame kid who should not of took someone else's code to try and be cool first of 
all, and now he is paying the price for trying to be cool.  I have had some 
many people come up to me and tell me they caught the guy that released the 
blaster worm and than I have to yell at them and say, "NO they didn't!  They 
just caught some kid who made a lame variant using the original worm."  
Regardless of what he did or didn't do, he will probably get the blame of the 
entire thing, guess this will make worm writers a little more scared and they 
will start to watch their steps a little more carefully now and not have the 
damn drones contact their own website which is registered to their name.

  -SF
    -----Original Message-----
    From: full-disclosure-admin@xxxxxxxxxxxxxxxx 
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Kristian Hermansen
    Sent: Sunday, August 31, 2003 10:53 AM
    To: full-disclosure@xxxxxxxxxxxxxxxx
    Subject: [Full-Disclosure] DCOM/RPC story (Analogy)


    I also agree with you.  The kid is guilty of nothing more than "Unethical 
use of a hex editor".  And here's my MAIN FUCKING POINT SO LISTEN UP ALL OF YOU:


    THE 7000 COMPUTERS THAT HE SUPPOSEDLY INFECTED WOULD HAVE BEEN INFECTED BY 
THE "ORIGINAL" WORM HAD THEY NOT BEEN COMPROMISED BY HIS VARIANT FIRST.  SO 
WHAT'S THE FUCKING CRIME?  READ BELOW...


    The analogy is this:  A scientist drops a monkey infected with the Ebola 
virus into a large tank containing 20,000 other monkeys.  Some monkeys have 
been given a shot to protect them from infection, so as the virus spreads they 
do not become a carrier.  The outbreak starts at the far west end of the 
container and is working its way to the east side, infecting every monkey 
exponentially as they all pass it on to their neighbors.  One of the smarter 
monkeys gets infected and realizes what is happening.  For some strange reason 
this monkey knows that drinking a certain liquid (on the floor of the 
container) will slightly alter the properties of the virus he has become 
infected with immediately.  He stirs up the other end of the container by 
hurling a pile of his own feces.  Now, the outbreak has not reached that end of 
the tank yet (but most definitely will in time) and the outbreak is now 
spreading from the west and east ends toward the center.  After the outbreak 
has reached its infection maximum and looking at all of the dead monkeys on the 
tank floor, the uninfected monkeys start asking questions as to what the hell 
happened to their brothers and sisters.  Weeks go by and no one has an answer.  
Finally, one monkey overhears a conversation about how one guy threw his shit 
all the way across the tank.  That's the guy we need to punish they concluded.  
They apprehend the monkey on his death bed for throwing his own shit and 
causing the outbreak at the east end of the tank, which supposedly killed 7000 
monkeys.  They continued looking for the original infectioner, but the 
scientist was never discovered.  Some of the monkeys started to blame God for 
allowing this infection to be possible.  "Why the hell does God want to torture 
us?  We are but mere mortals!", exclaimed one monkey.  "God works in funny 
ways...", sighed another monkey.


    Kris Hermansen
    ceo@xxxxxxxxxxxxxxxxx


    On Sat, Aug 30, 2003 at 10:39:53AM -1000, Jason Coombs wrote:

    > if he made the modifications and gave the modified worm to other people 
but
    > didn't cause it to infect anyone else's computers, then what crime is he
    > guilty of exactly? criminal misuse of a hex editor?

    it could certainly be argued that the "damage" caused by this copy of the
    program is no greater than it would have been if his home computer had 
    simply been infected and passed it on in the usual way. in fact, maybe
    he is even the pioneer of a new art form where people, out of respect for
    the rights of the autonmous agent, refuse to remove these programs from 
their
    computers and use hex editors to tattoo their message onto the worms' backs.
    i can see web sites with worm poetry -- the random juxtaposition of 
    sentences that trace a particular worm geneaology as it passes across the
    mesh, perhaps even paper-bound volumes.

    other than neglecting to install a program with a genocidal attitude
    towards certain processes, what exactly did this guy do wrong?