[UFO Chicago] Code Green

Nate Riffe inkblot@geocities.com
Sat, 11 Aug 2001 23:02:02 -0500 (CDT)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Friend,

Are you sick of watching your Apache logs grow by megabytes with requests
for default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX......

I was too... that is, until I wrote Code Green.

Code Green is a tarball that you can untar and copy into your DocumentRoot
and watch those rogue requests disappear - LIKE MAGIC!!

Code Green works by installing a PHP script named default.ida (the same
script exploited by the Code Red worm that's flooding your local subnet
with HTTP requests).  This script, when activated by version 2 of the
Code Red worm, executes a command on the infected machine that opens
Internet Explorer to a warning page (included in the tarball).  The
warning page explains that the machine is infected, and where to go to
find out how to fix it.  The warning page also has a link on it that when
clicked will cause another PHP script to shut down the IIS server.  On the
other hand, if the user is sick and tired of Microsoft and all of its
buggy-wuggies, the user can click on a link to email me at
codered@humble.movealong.dhs.org for information about Red Hat Linux and
Debian GNU/Linux.

- From any other source, you would be expected to pay as much as $35 for a
product like Code Green...  BUT NOT ME!  You can get your very own copy of
Code Green for FREE from http://tastytronic.net/~inkblot/codegreen.tar.gz

Download, install and watch those nasty hits disappear as novice users the
world over patch their systems and bitch to Microsoft!

- -Nate

DISCLAIMER: This message has been composed in a form similar to spam, but
it's not really spam.  It's just me being creative in a really stupid way.
But I don't think anyone on this list is an idiot, so you probably already
figured that out.

P.S.  Please modify default.ida to point to your webserver.  Mine is on a
dialup link and 1) has very little bandwidth and 2) is not always online.

- -- 
- ------------------------------------------------((\))<----------------------
Nate Riffe                 | PGP public key available at:
http://movealong.dhs.org/  | http://movealong.dhs.org/~inkblot/pgp-key.asc
inkblot@geocities.com      |
nriffe@students.depaul.edu | Secure your email today!

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQA/AwUBO3X/vIjJNqeHAZR4EQI1hwCbBVKQ+fvOpTeVN6QgME89dog5s/YAn1vk
pdMbM4PJ9fW8165roaOf1FW4
=p8Sy
-----END PGP SIGNATURE-----
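
The message opens with Apache logs growing from default.ida requests. As an added example (not part of the original message or of the Code Green tarball), this Python sketch measures how much of an access log those probes account for and which sources send them. The log lines are constructed, `summarize` is a hypothetical helper name, and the X padding is the one quoted in the message (the earlier Code Red variant padded with N).

```python
import re
from collections import Counter

# Constructed sample in Apache common log format; addresses are from the
# documentation ranges and the padding is shortened. Not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Aug/2001:22:41:07 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
192.0.2.10 - - [11/Aug/2001:22:41:09 -0500] "GET /default.ida?XXXXXXXXXXXXXXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [11/Aug/2001:22:43:30 -0500] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNN HTTP/1.0" 404 276
203.0.113.5 - - [11/Aug/2001:22:44:02 -0500] "GET /index.html HTTP/1.0" 200 1043
"""

# Client address and request path from a common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+')
# /default.ida? followed by a run of at least 8 identical letters (the padding).
PROBE_RE = re.compile(r'^/default\.ida\?(([A-Za-z])\2{7,})', re.IGNORECASE)


def summarize(log_text):
    """Count default.ida padding probes per source and per padding letter."""
    sources, padding = Counter(), Counter()
    total = probe_bytes = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a common-log-format line; ignore it
        total += 1
        probe = PROBE_RE.match(m.group(2))
        if probe:
            sources[m.group(1)] += 1
            padding[probe.group(2).upper()] += 1
            probe_bytes += len(line) + 1  # +1 for the newline on disk
    return {"requests": total, "probes": sum(sources.values()),
            "probe_log_bytes": probe_bytes,
            "sources": sources, "padding": padding}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['probes']} of {report['requests']} requests are probes "
          f"({report['probe_log_bytes']} bytes of log)")
    for addr, hits in report["sources"].most_common():
        print(f"  {addr}: {hits}")
    print("  padding letters:", dict(report["padding"]))
```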