Linux Today: Linux News On Internet Time.

ZDNet/Yahoo!: Automatic patching: Will it make the world safe from worms?

Sep 13, 2001, 18:23 (20 Talkback[s])
(Other stories by Robert Vamosi)
"Worms and viruses often target specific vulnerabilities in common software. But what if the terms were reversed? Rather than attacking the vulnerability of software for malicious purposes, what if the worm or virus actually attempted to secure the software by applying a patch? Like it or not, it is already happening.

On September 1, someone posted to BugTraq the code to Code Green. The code, which ostensibly fixes systems that are still infected with the Code Red virus, was left for users to assemble and use--if they wanted. The author, Herbert HexXer, added the following: "I will not take responsibility for any damage that might be caused by this code. Be sure to have understood the code and it's [sic] purpose before beginning to play with it." Another post included the code for CRclean, which was deliberately broken by its author, Markus Kern. Both were intended to force the issue: either you patch your system, or I will find a way to do it for you.

THE PATCH for the .ida vulnerability that Code Red exploited existed for some time, yet a number of IIS servers (for whatever reason) remained unpatched. As I write this, yet another primary color worm, Code Blue, is attacking IIS servers that have not patched the Web Server Folder Directory Traversal vulnerability. The existence of Code Green and CRclean demonstrates the desire by some to begin automating the process of installing patches. As with any innovation, there are pros and cons."

Complete Story

Related Stories: