

Ask HN: Could someone theoretically write a Rails server patching worm? - bcjordan

Theoretically, how effective could a Rails server-borne worm be at patching servers without disrupting the majority of them?

Keep in mind worm deployment (even "good" worms) is illegal and has a history of causing more damage than good. http://en.wikipedia.org/wiki/Computer_worm#Worms_with_good_intent
======
bediger4000
The legendary "Max Vision" did this in 1998:
[http://www.theregister.co.uk/2001/05/22/whitehat_max_vision_...](http://www.theregister.co.uk/2001/05/22/whitehat_max_vision_gets/)

Apparently, he modified some worm code to fix a BIND problem, then search out
more unpatched systems to infect and fix.

Someone named Markus Kern gave out some interesting IIS code in 2001, during
or just after the "Code Red" worm epidemic. When the code got a "Code Red"
signature, it would propagate itself to the IIS server from which it had
received a "Code Red" signature. See:
<http://seclists.org/vuln-dev/2001/Sep/1>

Looks like one "Herbert Hexxer" did something much the same:
<http://seclists.org/vuln-dev/2001/Sep/0>

It would be interesting to hear if anyone fixed Markus Kern's code and
released it into the wild. "Code Red II" worms were an ongoing annoyance for a
couple of years, then suddenly and instantly disappeared.

