Full Disclosure: phpBB Worm writers are dumb

[EmirAga <emiraga () emiraga com>]

lots has passed since releasing a phpbb worm by some stupid people, i will 
list my oppinion about it.

- why release a worm? not sure about newer ones, but first one did not do 
anything, so, whats the point?. Worm will warn whole world about 
vulnerability and most of servers will patch it, without worm it would stay 
just another bug in their forum and most non will worry about it. Security 
_penetators_ are loosing their jobs because of you.

- first worm sent a thousand requests before infection. The newer one do 
'wget' it from static http location. STUPID. Simply worm could send his self 
by POST or FILE_UPLOAD method since they are not written in logs. In logs 
would be written a small request that most administrators will not notice. 
what's wrong with eval($_POST[x])?

- first worm wrote his self to current directory, we all know that in most 
cases this will fail. Better solution would be to write to /tmp, or even 
better to use upload $_FILES[worm][tmp_name]. So stupid!

- Why didn't they removed comments and replaced their variables with smaller 
ones, so worm will go faster.

i just hope no one will rewrite its code with newer _version_ cuz then i will 
be the stupid one here.

just wanted to say that worm writing sucks and real programmer will never 
release one.

greets
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html