Damn windows machines hitting me with Code Red

Post by Void Main » Fri Jan 24, 2003 7:07 pm

I hate stupid Microsoft garbage. I'm tired of seeing people hitting my machine looking to infect me with Code Red (like that could ever happen). I have created a little page to answer their requests (along with any other IIS hackers out there looking for a back door):

http://voidmain.kicks-ass.net/c/winnt/system32/cmd.exe
http://voidmain.kicks-ass.net/d/winnt/system32/cmd.exe
http://voidmain.kicks-ass.net/MSADC/root.exe
http://voidmain.kicks-ass.net/scripts/root.exe

Those machines that have hit me just in the last couple of days and appear to be infected Winblows machines:

http://voidmain.kicks-ass.net/codered/

They are obviously wide open. If someone knows of a way to contact these people to clean their crap up, feel free.
Last edited by Void Main on Sat Jan 25, 2003 6:26 am, edited 1 time in total.

Post by choasforages » Fri Jan 24, 2003 10:29 pm

the phriendly helping box at icculus.org might have a less than legal solution to your problem.

http://www.icculus.org/~chunky/iis/

this may or may not help, but at least it sounds cool

Post by Void Main » Fri Jan 24, 2003 10:57 pm

Yeah, I thought about sending some code back at them to format their drive and install Red Hat for them but then I thought that might be going a little overboard. So I just stuck with logging them and sending them a directory listing from a windows box. I suppose I could have just had it automatically send a popup message to them indicating they have been rooted previously by someone else and their machine is trying to root mine.

In fact having it automatically kick off a Red Hat ISO download to their machine might not be a bad idea.
Last edited by Void Main on Sat Jan 25, 2003 11:11 am, edited 1 time in total.

Post by choasforages » Fri Jan 24, 2003 11:17 pm

i would go for totally killing it off. people that run iis should learn to keep their WTDs /*web transmitted diseases*/ to themselves. and i think they would fix the problem real quick if they keep installing IIS and getting code red'd and then killed by a machine retaliating, and if they don't get the point, it must suck to be them

Post by Calum » Sat Jan 25, 2003 5:34 am

Void Main wrote:
Yeah, I thought about sending some code back at them to format their drive and install Red Hat for them but then I thought that might be going a little overboard. So I just stuck with logging them sending them a directory listing. I suppose I could have just had it automatically send a popup message to them indicating they have been rooted previously by someone else and their machine is trying to root mine.

In fact having it automatically kick off a Red Hat ISO download to their machine might not be a bad idea.

i don't see anything wrong with this. i think you should go for it.

Post by Void Main » Sat Jan 25, 2003 5:39 am

Or I could have it install porn-get and have it change their wallpaper daily. :)

Post by X11 » Sat Jan 25, 2003 6:27 am

send an email to abuse@leeth4x0rs-isps-domain.l33t-h4x0rs-isps-tld

Post by X11 » Sat Jan 25, 2003 6:31 am

and now my ip is on there :-)

Post by Void Main » Sat Jan 25, 2003 6:48 am

X11 wrote:
and now my ip is on there :-)

Not any more. I was in the process of writing the code when you looked at it. I didn't have it written to filter just the actual infected machines. Now it is...

Post by X11 » Sat Jan 25, 2003 7:26 am

cool, where do i get source for this?

Post by Void Main » Sat Jan 25, 2003 7:51 am

http://voidmain.kicks-ass.net/files/codered.tar.gz

I use URL rewriting in the virtual host section of my httpd.conf file for my voidmain site to make cmd.exe and associated directories point to the codered.php file:

Code:
    <IfModule mod_userdir.c>
       RewriteEngine on
       # Code Red Windows Garbage
       # /codered, with or without the trailing slash
       RewriteRule ^/codered$ /s/codered.php
       RewriteRule ^/codered/$ /s/codered.php
       # Dots are escaped so they only match a literal "."
       RewriteRule ^/scripts/root\.exe$ /z/cmd.cgi
       RewriteRule ^/MSADC/root\.exe$ /z/cmd.cgi
       RewriteRule ^/msadc/root\.exe$ /z/cmd.cgi
       RewriteRule ^/c/winnt/system32/cmd\.exe$ /z/cmd.cgi
       RewriteRule ^/d/winnt/system32/cmd\.exe$ /z/cmd.cgi
    </IfModule>


There are no comments in the code but there isn't much code there. In fact there might be more lines in my rewrite rules quoted above than in the two programs associated with this. :)
Last edited by Void Main on Sat Jan 25, 2003 11:09 am, edited 1 time in total.
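
Added example, not Void Main's codered.php (its source is not shown in this thread): one way to do the filtering described above, so that only hosts requesting the probe paths from the rewrite rules are listed and ordinary visitors to /codered/ are not. It assumes Apache common log format; the function and variable names are hypothetical, and the log lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict

# Probe paths taken from the rewrite rules above. Matching is
# case-insensitive because the rules list both /MSADC and /msadc.
PROBE_PATH = re.compile(
    r"^/(?:scripts|msadc)/root\.exe$|^/[cd]/winnt/system32/cmd\.exe$",
    re.IGNORECASE,
)

# Assumed format (Apache common log): host ident user [time] "request" status size
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def probing_hosts(lines):
    """Map each host that requested a probe path to the list of paths it hit."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip anything that is not a well-formed log entry
        path = m.group("target").split("?", 1)[0]  # ignore the query string
        if PROBE_PATH.match(path):
            hits[m.group("host")].append(path)
    return dict(hits)


# Constructed sample log (addresses from the RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jan/2003:18:55:01 -0600] "GET /scripts/root.exe HTTP/1.0" 200 512',
    '192.0.2.10 - - [24/Jan/2003:18:55:02 -0600] "GET /MSADC/root.exe?placeholder HTTP/1.0" 200 512',
    '198.51.100.7 - - [25/Jan/2003:06:30:44 -0600] "GET /codered/ HTTP/1.1" 200 2048',
    '203.0.113.5 - - [25/Jan/2003:07:12:09 -0600] "GET /c/winnt/system32/cmd.exe HTTP/1.0" 200 512',
    '203.0.113.5 - - [25/Jan/2003:07:12:10 -0600] "GET /index.html HTTP/1.0" 200 1024',
    'not a log line',
]

if __name__ == "__main__":
    for host, paths in sorted(probing_hosts(SAMPLE_LOG).items()):
        print(host, len(paths), ", ".join(paths))
```

The host that only viewed /codered/ does not appear in the result, which is the behaviour the fix in the earlier reply to X11 describes.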

Post by X11 » Sat Jan 25, 2003 11:02 am

Cool stuff.

Post by Linux Frank » Sat Jan 25, 2003 2:27 pm

I heard briefly on the radio that there was a worldwide increase of virus transmissions last night that slowed the net down considerably. Whilst I doubt most newscast statements about technology and the internet, maybe this was related.

Did anyone else hear this?

Post by Nobber » Sat Jan 25, 2003 3:19 pm

Linux Frank wrote:
Did anyone else hear this?

I didn't hear it, but I did feel it. Wondered what it was.

Post by Void Main » Sat Jan 25, 2003 4:34 pm

I actually saw a blurb on TV this morning about it being a Code Red or Code Red-like virus. None of them appeared to hit me. I didn't get any more hits from idiots than I normally get on a daily basis (maybe it just hasn't got here yet). When are people gonna wake up and realize Microsoft is going to have a virus problem from here until the day they go out of business (hopefully soon)?
