I have been Slashdotted
For those of you who dont know, last week a new worm hit the Internet. This one like the previous ones, would spread by bombarding people from outlook express’s address book. However this was just one of the things the worm was equipped with. It would also setup a smtp server on your machine and use that server as an open relay to send out thousands of mails. Its also connects to IRC channels and builds tons of botnets, waiting for an instruction to be sent. It also builds up these bots via AOl Instant messenger.
Another feature that the worm had was to self update itself (It would self update to upgrade itself, coordinate botnets etc). Now the website it would do it from was a Geocities page.( rather 2 of them). The guy who wrote the worm, registered one of the URL’s and put up his self update script there on the server. He however ( for whatever reason ) did not bother to register the other one. I made a post about it 2 days ago here
I went ahead and registered the second URL myself and kept a dummy file to pickup the logs. I came to know about the second URL a day later, which I disabled and then handed it to the The Fizzer Task force. Now to kill as many of these worms as possible, the task force has uploaded a new windows program which will uninstall the worm off the machine and also remove the registry entries from the system.
and the link to my previous post by kingsly at Slashdot
Its nice to know that something you were involved in (thought not directly) got slashdotted
P.S – The guy who wrote the worm calls it the “Sparky” worm.
Hi,
Was browsing the LJ and read your post.
‘Sparky’ is the official ASU mascot. (Arizona state univ).
He is the ‘Sun Devil’. I wonder if there is any relation?
Its nice to know that something you were involved in (thought not directly) got slashdotted
For me, it is actually nice knowing that the initiative you showed has very possibly helped evolve a solution to a very nasty problem that is affecting people worldwide.
Good work!
http://rtns.org/kalyan/lj/lj_slash.gif
He he he – just to mess up that hits count a bit.
How many till now?
And if *you the reader* is wondering what it is about – then most probably it does not concern you – click on the link anyways
Good job, man
Amazing, man. You did your own bit to stop it. Keep up the good work 🙂
I did not realize for a long time,that the link to LJ had come on slashdot. Only when some random person posted on my post, I got suspecious and went and check out the comments on slashdot.( this was atleast couple of hours after the link went up )
So I added the “becon” at around 11pm last night ( atleast 4 – 5 hours after kingsly posted the link )
So as of now it stands at 361. but my site also took some hits because of this. I am really bugged with the lack of stats on LJ. I will wait for couple of months, if it still does not happen I will sit and write one. I dont think it should be too tough to do it, as long as I have access to the server access logs.
and stop publishing the link :p
You are the corruptor of my logs
I am trying to make this automated somehow, i.e to generate a gif with the filename as my post ID and then put that becon on everypost I make. Ofcourse I could possibly hack logjam and make it do that automatically each time I post something… still exploring.
He He He 😉
I have a tracking system chalked out – you need not have a gif generated at all what you need is something like < img src="http://mydomain.com/beacon.php?uniquePostID" >
beacon.php will do the needful in a flatfile/MySQL or whatever, yes it will also output a gif to the browser – no need to access th server logs.
If you have the capability to hack logjam to do it – I am willing to do the PHP part.
Wicked!
Good one, Tarique 😉
Cool stuff! Keep the good work up, but try to get some sleep in the night. 😉
Heh. You might not need to hack logjam to do so. For paid users, there is a journal customize option – more specifically, this one. Note the %%itemid%% thing there that they say we won’t ever have to touch. Thats all you need to have your php thing going. So when do you release beacon.php? 😀
The link you provided will not work 😉
but Nope, what you are suggesting will work only if people read the entry from your LJ most people dont do this – they use their friends page… …
What is required is a beacon (web bug is the term I believe) to be inserted in the body of the post, since the itemID is not allotted before posting (obviously) this will have to be generated by the LJ client. Then some way will have to be found (LJ XML-RPC?) to co-relate this client Generated ID to the LJ itemID so that more readable stats with post title etc can be generated…. …
However I am trying out a less complicated thing which might not give per post results – but still give a rather interesting feedback like who read the post from where etc…
they use their friends page…
Point. I jumped the gun. 😀 I’d totally forgotten that your customize your “comment on this” link has no effect on their view of your posts.
Hmm, yes, you’d need in the body, and the itemid will not be generated till the post is done. So you’d have to issue an edit. of an existing post to get that. Ok, I’ll try hacking a bit with the LJ XML-RPC interface this weekend to see if I can create a program that’ll append signatures to existing posts.
Yes appending signatures to post is the thing…
LJ XML-RPC need not be involved at the client level…
If you can convince Logjam to add something like
at the end of the post it will work. The stats program which will be hosted somewhere will do the needful (hopefully) like getting the post title by looking at the embedded uniqueID.
UniqueID can be date+time
oops forgot that the img tag will be rendered!
signature should add something like
< img src="http://ljstats.com/beacon.php?uniqueID=xxxxx" >