
very good story on a hacker attack


VERT
06-02-2001, 07:49 PM
http://grc.com/dos/grcdos.htm good website too.

korgul
06-02-2001, 09:16 PM
Wow, I read that whole page, and when he got to the rundll.exe part I did a control, alt, del and noticed that I have this running. The more I read, I realised that it is actually rundl1. Talk about a relief. I also created a bottest.bat file just to be sure. I can now test easily. I hope.

Gomer
06-03-2001, 12:18 AM
Wow... you other folks need to take a look at that article. Very impressive.

AuraEdge
06-03-2001, 12:52 AM
The next article he's working on is also very interesting. There's only two pages up so far, so it's a bit inconclusive, but it's a good read. It's about the internet, how that works, how packets work, and how tracert works. http://grc.com/dos/TheInternet.htm http://grc.com/dos/PacketRouting.htm

prttybean
06-03-2001, 07:00 PM
I am glad I'm not the only one that did the three finger salute to check right away. :)

golfcart
06-03-2001, 07:59 PM
That is one of the best articles I have ever read. Steve went all out on that one. Thanks for the link Vert :)

rhino49
06-03-2001, 08:54 PM
thanks VERT - great story - Steve Gibson writes as well as William Gibson

patrickp
06-03-2001, 09:56 PM
WOW, that is interesting!
zombie bots post their availability to a secret IRC chatroom when users sign on and have no clue that their machines are ready to attack.
well i did the dosprompt
netstat -an | find ":6667"
but no port was listening.
still would like to know how to remove that zombie when i find it on another machine.
patrick
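
The netstat check from the post above, as an added example that is not part of the original thread: it parses `netstat -an` output and separates a local listener on 6667 from an outbound connection to a remote 6667, which is how a client connected to an IRC server appears. The sample output and addresses are constructed, and port 6667 is taken from the post's command; a bot configured for a different port would not match.

```python
import re

# Constructed sample in the Windows `netstat -an` layout (documentation addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1047        198.51.100.7:6667      ESTABLISHED
  TCP    192.0.2.10:1052        203.0.113.20:80        ESTABLISHED
  TCP    192.0.2.10:1060        198.51.100.9:6667      SYN_SENT
  UDP    192.0.2.10:137         *:*
"""

IRC_PORT = 6667  # assumption: the port used in the post's `find ":6667"` filter

# One TCP row: proto, local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def irc_findings(netstat_text, port=IRC_PORT):
    """Return (kind, endpoint, state) tuples for TCP rows that involve `port`.

    kind is "outbound" when the *foreign* port matches (this machine is a
    client of a remote service) and "listening" when the *local* port is
    bound and waiting for inbound connections.
    """
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, blank lines and UDP rows
        local_ip, local_port, remote_ip, remote_port, state = m.groups()
        if int(remote_port) == port and state != "LISTENING":
            findings.append(("outbound", f"{remote_ip}:{remote_port}", state))
        elif int(local_port) == port and state == "LISTENING":
            findings.append(("listening", f"{local_ip}:{local_port}", state))
    return findings

if __name__ == "__main__":
    for kind, endpoint, state in irc_findings(SAMPLE):
        print(f"{kind:9} {endpoint:22} {state}")
```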

HomeYield
06-04-2001, 05:43 AM
I have to admit that I am incredibly impressed with this guy. I have just found out about grc.com from here but this guy is amazing. Writes everything in Assembly Language!

"still would like to know how to remove that zombie when i find it on another machine"

I too would like to know. If anybody else has seen how, could you please post?

Harold7
06-04-2001, 07:57 AM
You can get a program called Jammer (http://www.agnitum.com/), which has a Netstat function that shows all your open ports... it also monitors registry Run services. :)

wyvrn
06-04-2001, 08:54 AM
Interesting article. Scary that a 13 yr old can inflict so much damage so easily. Since MS is incorporating so many of its apps into its OS already, maybe we could petition them to make a built in virus/trojan scanner/firewall program as well ;)

CMonster
06-04-2001, 11:26 AM
It's a good thing that we have some people on "our" side when it comes to Internet security - even when it is just to ask "What is Earthlink doing with that browser tag anyway?"

For examples of damage without social conscience which is committed by young people, one need not look farther than the Columbine tragedy to see that youths in ego crisis are capable of anything. It doesn't take a rocket scientist in ballistics to pull a trigger and end a life. In a similar way, all it takes is a mouse-potato kid with an insecurity complex and trojan program to cause great harm on the Internet.

What these "script kiddies" fail to understand is that not only is there a loss of revenue to the sites attacked, by the attack itself and the clean-up thereafter, but these activities adversely affect many other users. Many people have come to depend on computers and the Internet for a livelihood, perhaps even the parents of some of these so-called Internet terrorist kids. There are also a growing number of handicapped people and elderly shut-ins who rely on the Internet for communication, social interaction, ordering medicines, paying bills, and other life-sustaining services. Those individuals who would interfere with computers, commerce, and communication, be it by virus, or trojan, or denial of service attacks ought to be thoroughly ashamed of the damage they are perpetuating.

But one thing I have learned hard - "what comes around goes around." In one way or another, sooner or later it all comes back to you, in one form or another you will be repaid for the good and the evil that you do. Call it karma if you like, but just remember what "they say" about it: "payback's a ^$%$&%^&%$!"



[This message has been edited by CMonster (edited 06-04-2001).]

desmocat
06-04-2001, 03:00 PM
I just went to GRC.com and they have taken down the SHIELDS UP! test due to overload of their T-1 lines. It said the heavy load on the servers (due to the interest about them getting the DDoS attacks, they said) was causing erroneous "stealth" returns on some systems that were not actually in "stealth" mode.
I applaud Steve Gibson for doing this and not just leaving it up and giving bad readings. He said it will be back up soon whenever the load decreases on his servers.

cerberus6
06-04-2001, 03:52 PM
Excellent reading. I particularly enjoyed the logged conversation between Gibson & b0ss. Hahaha, I would have paid to see the look on that guy/gal's face. And as for "wicked", has it even been confirmed that he/she is actually 13? I thought Steve's conversations with the FBI were also interesting:

"Both FBI guys said similar things:

They explained that until $5,000 of damage had been done, no crime had even been committed. That's the law. And due to the peculiar nature of GRC.COM's business model (such as it is :), these attacks were stirring up interest in my forthcoming research and it wasn't even clear that we were going to be economically damaged in any way.

Secondly, they said that even if we did manage to meet the $5,000 minimum required for "Wicked's" activities to qualify as criminal, their staffs were overloaded and swamped with cases involving companies that had lost huge sums of money to Internet crime. Furthermore, since the cost of an FBI prosecution was in the neighborhood of $200,000, they needed to prioritize their cases based upon prosecuting criminals who were responsible for causing large dollar losses. "Wicked's" attacks, no matter how annoying, failed to qualify.

And finally, they said that since "Wicked" was only 13 years old, nothing much would happen to him, even if the preponderance of evidence demonstrated that he was behind these attacks. They said that a couple of agents might go out to his home and have a talk with his parents, but in this country his youth was an impenetrable shield. This, of course, further discouraged the costs which would be incurred through any investigation."


[This message has been edited by cerberus6 (edited 06-04-2001).]

kenyg
06-04-2001, 04:06 PM
You would think the FBI would learn - ever read that book "The Cuckoo's Egg"? - started over $0.75 worth of missing computer time. The FBI wasn't interested - wound up being an Eastern bloc hacker looking for classified info.

I've tested my home system at shields up many times

Ken

VERT
06-06-2001, 03:08 AM
Just bumping up the list as I feel this is a very good article people should read.

RGraze
06-06-2001, 01:45 PM
Great article. Everyone should read it! Just bumping up the response.

yammahoppy
06-06-2001, 01:47 PM
great article. kinda makes you wonder what the kid's parents are doing while he is wreaking havoc on the net. he needs to be grounded. go get em STEVE.

the yamminator

kenyg
06-06-2001, 03:45 PM
This article was one hot read around the office. The way Cable & DSL access is being advertised - it's only going to get worse.

"Joe Average" has no concept of firewalls or security.

Ken

drdirt
06-06-2001, 04:06 PM
excellent article. Especially re: ISPs and IRC.

jellyfish
06-06-2001, 04:44 PM
The problem with these "script-kiddies" is that the publicity they get is what drives them. They love discussing their "exploits" and any publicity they get roughly equates to their coolness value.

It's quite common to find that these kids do not see or care about the damages they are creating, so telling them that their activities are harmful to others matters little to them. Ever tried to tell a rebellious 13 year old not to do something?

This is especially true given the fact that little could be done legally to them. 13 year olds are well versed in the fact that even if they were caught, they'll probably get off with a slap on the back of their hands, if any. Thank all those sociologists for us on that one...

So maybe to defuse the threats, we will have to ignore them and not acknowledge their "exploits", thus dampening their ego and their motivation.

Next, someone with some know-how should devise a way of using their exploits back against them. Given that Mr Gibson has been successful at modifying a bot to eavesdrop on them, it would seem possible that the tools could be turned against them (or each other). It's kinda a "peace through superior firepower" tactics, but it might give these kids a heads-up and a message that they are only as invincible as their ego.

Food for thought...

glitterin
06-06-2001, 09:03 PM
Seems Steve has given up. (http://grc.com/dos/openletter.htm) :(

golfcart
06-06-2001, 09:22 PM
I give major credit to his ISP for being so cool about the situation. A lot of places would have told him to find a new provider. It isn't fair, but that's the way it is.

wing7788
06-06-2001, 09:37 PM
Super dooper :)

krusty the klown
06-07-2001, 12:36 AM
This really is an excellent article!

Steve Gibson IS the Daddy!

club_med
06-07-2001, 02:29 AM
Yes but how can this steve guy know so much? Somehow I don't trust him, what if he made all this up?.. just to push his site a little.

How could he gather all this info?

I don't know,
cm.

Fingers
06-07-2001, 03:51 AM
Club_Med, I think your distrust of Steve Gibson is misguided.

"...how can this steve guy know so much"

<^b0ss^> may I ask how old you are?
<Gibson> I'm 46. (Been hacking since I was 14.)

I have no idea what he used to do, but recently he's been providing much needed support for those of us that don't know any better.

He created SpinRite, which I understand is an excellent tool for recovering from hard drive and mass storage crashes.

He authored LeakTest, which is a very simple tool that allows people to test if their machines can connect to the internet without their knowledge....FREEWARE

He wrote OptOut to guard against spyware... FREEWARE

He's got a utility to test Zip drives for impending failure due to the "Click of Death"...FREEWARE

Data recovery utility for files corrupted by the CIH Virus...FREEWARE

And of course, the FREE internet security test ShieldsUP which has an EXCELLENT FAQ that explains the proper way to set up a network for maximum security.

If you’re looking for a guy NOT to trust... you shouldn't be looking at Steve. IMO

Jitterbugfive
06-07-2001, 04:54 AM
I do not think he needs to push his site. What does he have to gain? He offers free information, and service. He does have things for sale, but you have to look for them a little harder than you would at most sites. It always seemed to me that his site was helping people understand security, more than selling anything.
As far as the kid goes, he will get his in time. That attitude will be picked up on by other kids when he is in high school. There is one common thing with kids like this or the two that shot up the school in Colorado. They are small in size, and if they open their mouth in real life like they do when hiding behind a computer they will get what comes natural to most young males faced with another cocky male. The story of old. The "nerds" do not like the "jocks". Well the attitude the "nerds" give off is "what are you going to do, hit me?" The response is going to be the same as in any species of young males, yes and then some extra because the prom queen is looking.

vampyre_lestat
06-08-2001, 01:43 PM
Regarding the comment that maybe MS should include firewall etc in the OS ... XP will have one ....:-))

SandraSue
06-09-2001, 11:43 PM
Steve Gibson's article was an amazing read.

I've used Steve's SpinRite Program for over a year and also use his "TIP" ("Trouble in Paradise") all the time to check the health of Zip Disks & Jaz Disks. His programs are absolutely the best.