On Sat, Jan 25, 2003 at 11:40:48AM -1000, Jason Coombs wrote: > As of now we don't know who wrote the worm, but we do know that it looks > like a concept worm with no malicious payload. The payload may not have been malicious to the host, but this does not imply a lack of malice. It certainly caused, and is causeing a large ammount of grief in the network sense. Given the steps taken to randomise the target IP address, it is highly likely that this worm was targetted at networks, not hosts. > There is a good argument to be made in favor of such worms. I'm afraid that your argument doesnt hold up to scrutiny. There is no logical reason why the rest of the non MS-SQL using world being affected by an MS-SQL bug (and an inadequecy on the part of MS-SQL admins) should be a good thing. If the worm had a malicious (in your terms) payload, it would have caused networks just as many problems (so no gain there), and more harm to MS-SQL users. Using your logic, surely this much more damaging experience would have cause MS-SQL admins to be more responsible in keeping up to date ? Or rather, more fearful of future exploits. As it is, MS-SQL admins may feel that since this bug did not affect them in any serious way (if you can follow that certain line of thought), they may assume the same thing about future exploits. When viewed from that perspective, this exploit is as malicious as possible to general internet infrastructure. Benign to the people who can do something about it, malicious to those who cannot. -- colmmacc at redbrick.dcu.ie
