Zen Bastard (jimbojones) wrote,

The road to hell is paved with well-meaning retards

Okay, by now, unless you live under a bigger rock than vyacheslav, you've already heard of (and possibly had to get rid of) the MS-Blast worm. And if you keep abreast of the field, you'll also have heard of Nachi, a variant which the drooling retard of an author intended as a sort of "white knight" to patch machines against the vulnerability that MS-Blast exploits.

Unfortunately, said drooling retard never bothered to think about how ABUSIVE the worm is to network resources. And as it turns out, if a machine behind a home or small business router starts trying to portscan out through the router as fast as the worm tries to, the router gets overloaded and completely quits responding to ANYTHING in seconds. So in the name of "helpfully closing off the vulnerability" by exploiting it the same way that MS-Blast would, it also kills your network just as fucking dead. Actually, I think deader. I've seen plenty of ACTUAL MS-Blast infections in the past couple of weeks, and none of THEM actually brought their entire local network down.

And if that wasn't irritating enough already, the drooling retard also thought that he would demonstrate his "cleverness" by doing a far, far better job of hiding his "Good Guy" version of the worm than the original author did. The original worm simply runs from the "Run" key in the registry, and is very easily found and dealt with. But Dipshit McClueless that wrote the "Good Guy" version decided that he'd make HIS version install itself as a service, and mimic the WINS service closely enough that it took me a solid hour of poking around at an infected system before I could figure out what the HELL was running on it and DOS'ing the router.

Now, if Nachi was supposed to be a Good Guy thing, and it was just supposed to apply the patch to machines whose admins were too clueless to know how, why the fuck would it need to HIDE better than the original does, hmm? Shouldn't we be presuming that the act of inspecting the registry for rogue keys would, in and of itself, signify that the machine was getting the attention it needed, and that Nachi could/should be removed? It doesn't really matter, in the long run. Because the long and the short of it is, whatever cowboy-ass motherfucker wrote this thing has caused my customers more havoc than MS-Blast itself could ever have HOPED to do, and if I got the chance I'd string him up by his shriveled little dick and use his nutsack for a pinata.
