Domain: vitalsecurity.org
Stories and comments across the archive that link to vitalsecurity.org.
Comments · 25
-
Beatdown on 13-year-old hacker?
Did anyone actually read the blog posts from the guy who put the "beatdown" on the 13-year-old hacker? Maybe I'm just too cynical, but it sounded like a bunch of hooey to me. The chat screenshots especially didn't ring true. A real story about putting a script kiddie in his place is at least mildly interesting, but a self-aggrandizing story of a fictional beatdown on fictional hackers (if that's what it is) is pathetic, at best.
-
Re:Yeah...uh huh...what ever you say.
"It sounds to me like the story is about *two* wannabes, not just one."
Indeed. From http://www.vitalsecurity.org/about.htm
"I am Christopher Boyd, Microsoft Security MVP...Originating from Liverpool, England with a [sic] Honours Degree in Fine Art...Nowadays, you can find me lurking in the darkest corners of the Internet - kicking ass and taking names. Kung-Fu style..."
Jesus Tap Dancing Christ. A Scouse fine arts grad fighting malware on teh intarwebs. What a douche.
-
Re:LAME?
You mean like harmless fun?
So if I come fuck up your car, that's harmless fun. Right? A couple of hundred dollars of damage is no big deal as long as it's in fun... What if take you wallet in the name of fun? I don't do anything with you credit cards or ID, just burn the whole thing. But hey, it's just harmless fun. Every bully in every school yard uses the lie "I was just playing." and that is exactly what this kid is, a bully. He sees his advantage over others and exploits it for his own pleasure and bragging rights. We don't put those kids in jail, but older brothers of victims or sometimes victims themselves do beat the shit out them eventually. That sounds about right for this kid: John C. in Hartford Connecticut. Here's his picture:http://www.vitalsecurity.org/uploaded_imag es/bplanetgangsta-795477.jpg If any one reading this out there was effected by this malware, perhaps they should stop by his house and "express their appreciation" for this punk's contribution to society. -
Re:The payment risk has also prolly risen as well.
He also doesn't seem to get that sometimes people DoS sites out of spite or out of malice.
You can't put a pricetag on being an asshole to the internet community.
-
Re:Some more info and removal instructions
I don't really care "who gets there first" as long as SOMEONE gets there and informs us about it, the more the merrier. I think I saw Websense writing about this too, and the guy who writes at SPG must know the Lolo guy, because he's in his friends list and links to him from here:
http://www.vitalsecurity.org/2006/12/phishing-attack-on-myspace-leads.html
Looks like this has been going on for at least a week, I'm just surprised someone hasn't picked it up sooner.
-
Re:The hacking the Update on the site references..
A URL linked from Eon8 itself that includes screenshots of the hack: http://www.vitalsecurity.org/2006/07/eon8-summary.html
-
list of sites covering this
...for those that can't be bothered looking for them in the summary.
http://www.argn.com/archive/000428eon8_activate.php
http://www.vitalsecurity.org/2006/07/eon8-summary.html
http://louisex.dommox.com/eon8/
There's a few more, but they're mostly over the top speculation of a "world ending" variety.
-
Re:Windows research is clearly more profitable...
Linux systems are designed to be run by users, and administered as root. Windows systems, by and large, are impossible to run as anything but root - many programs require root access to work properly, [...]
This is solely an application problem. It has _nothing_ to do with Windows.
[...] and Windows (up until recently) never had the equivalent of a linux sudo to get around that requirement.
It's always had the functionality.
Windows developers have been encouraged for years to write programs dependent on root access.
Encouraged how? What Microsoft documentation can you provide showing that developers have been told to write applications dependent on Administrator level access? How do you reconcile this claim with the requirement of the "Made for Windows XP" logo that applications must run in a normal user account?
Execute permissions prevent accidental execution of malware on Linux, as does not having a stupid system of extensions which are so easily spoofed (especially when default windows behaviour is to hide recognized extensions!).
Very little malware is executed "accidentally". If you seriously think the need to run "chmod a+x" or GUI equivalent is going to stop many people from running their "watching the dancing elephants" program, you're delusional. People are happy to open up password-protected zipfiles to get their malware fix, having to make something executable is barely a speed bump.
The move over to NTFS was good, but it only really hit the public with XP.
Probably because XP was the first release of NT that was aimed at the public. Not that file permissions are particularly important to malware in the typical case.
I still know many people using FAT-based systems. How long has Linux been running a permissions-based filesystem?
Does it matter ? Most unmanaged machines are single user and the most important files on the system are the ones the user has full permissions to anyway.
Windows NT has defaulted to NTFS since the day it was released. If people are running it on FAT, someone has made a conscious decision to change the default.
There's a few architectural security advantages Linux has over windows.
Like what ? Having to manually make files executable is about the only thing I can think of that would come close to this, and at most it's a minor issue.
On the more abstract level, being open source gives Linux the potential to be more secure - it's hard to hide critical vulnerabilities in Linux, whereas MS has a history of doing so for windows.
There's been no shortage of "critical vulnerabilities" in OSS apps that have gone unnoticed for extended lengths of time.
On my new laptop, however, I was browsing around using IE while I waited for firefox to download, and in between the time it took to start the download, and the time it had finished, IE had managed to install a little bugger called Aurora for me . Thanks IE!
(Although I bet you weren't running as a non-Admin user, as well.)
-
a virus that installs BitTorrent
"A group in the middle east who previously infected PCs with a rootkit via IM, apparently installed BitTorrent without user permission on infected machines, then started piping movies to the end users."
http://digg.com/security/BitTorrent_installed_without_permission%2C_downloads_movie_files
more links:
http://www.vitalsecurity.org/2005/12/bittorrent-reloaded-unauthorised.html
http://www.spywareguide.com/articles/the_bittorrent_auto_installs_98.html
http://www.techdirt.com/articles/20051220/2013214_F.shtml
-
Re:It's not just you
just to show that it wasn't a one-time thing, here's a quote from his entry describing his blog:
If you want a full on, voice of God raging from a thunderstorm malware apocalypse complete with stupid pictures, pressure cranked up to 11 and the now obligatory sound and vision link, keep it tuned to Vitalsecurity.org.
-
Re:Can someone please explain to me...
I made this post months back, so some of the information may be outdated. I've updated some accordingly:
However some people prefer Opera because it's
1) more secure .... link 1 .... link 2 .... link 3 .... link 4 .... link 5 .... link 6, September 16th 2005
2) faster
3) Is actively worked on -from Mike Connor, an important Firefox developer
4) smaller (3.7mb vs 4.7mb)
5) less bloat/ram usage
-
Re:Good info from Ben Edelman
For the most recent outrage see Paperghost's blog which describes the installation of spyware using child porn as bait. Don't ask the question "how low can they go" unless you can stomach the answer.
-
Re:Not so big of a deal
Did you read TFA?
In the logs, he found that "nail.exe" and "aurora.exe" were always listed alongside "btdownloadgui.exe," the user interface that downloads/uploads when using BitTorrent.
It's rather interesting that the author mentions one specific BT-client along with the spyware executables. To me, it seems that he tries to create the impression that the spyware installs itself along with "btdownloadgui.exe". Like it did with Kazaa, actually, and a lot like what happened when you installed things like Netscape 4.x or RealPlayer a few years ago. They, too, used to come bundled with heaps of spyware.
The article that he's referring to makes it a little clearer that it's not BitTorrent itself that is the immediate spyware carrier, but the thing is most interesting in what it does not mention. From the screenshot, the title of the download looks like "family_Guy_403_PDTV - LOL.rar" or something like that. Then, in the next screenshot, he proceeds to actually install stuff on his computer. WTF - install a RAR file? In my eyes, there's some serious explanation lacking here. In the first place, he must have unrarred the download, then found an executable in there. Starting this executable produces a License Agreement, which he has to accept before proceeding. All this just to watch a lame TV show? If you run a domain called "vitalsecurity.org" you should probably know better.
The next thing, he'll be writing about how worms and trojans are often found along with a program called "outlook.exe". Oh, wait...
-
Re:Not so big of a deal
I guess you didn't read beyond TFA
http://www.vitalsecurity.org/2005/06/aurora-install-source-revealed-and-175.html
-
RTFA
The story says that torrent files are being bundled with adware programs, not BitTorrent clients.
How can this happen? Again RTFA.
If seeing is believing, look at this link from the news story:
You'll see a RAR--not an exe--for an episode of Family Guy. When you try to open it, you're faced with a licensing announcement, which if you agree to it, will pack your Windows system full of spyware.
Would this fool someone who knew what they were doing? No.
Would it fool a lot of users just looking for a cheap thrill? Oh yeah.
Does this make it a real problem--as the article suggests--I certainly think so.
Maybe not for me, maybe not for you, but for those millions of clueless users, yes, oh yes it does.
Steven
-
Re:How long...
Clicking through to the aurora review, I was surprised to see that the text in the 'scan your computer' dialog box (image) looked strikingly like the text at respectcopyrights.org; a site run by our favourite Media Cartel in the whole wide world.
-
Info Direct From Vital Security
-
Re:The assumption was that Java Applets can't 0wn
Unsigned applets are (mostly) fine, they are sandboxed.
This was a signed Applet. Now, I think the Java signed applet/webstart box need a rethink (and have for some time), and having the "yes" button disabled for 3 seconds, and more details on what the Applet wants to do (with Runtime.exec and write permission outside the user.home being silently rejected).
-
Re:Note that..
If you look at the screen shot, you have a large "ActiveX Blocked" sign over the top (not Java). I'm guessing they have some browser sniffing stuff, send an ActiveX to MSIE (which for MOST users will just install, no questions asked), and Java to everything else (will only install if some stupid user clicks "Yes").
Now, Java's "signed jar" warning window does suck, a lot, but this is NOT a "Hahaha, java/FF is da zvc|3rs" shit that people are making out. At least you are asked, rather than relying on ActiveX to be disabled.
-
Misleading
There is nothing sneaking into your computer without your knowledge or consent. Here is what vitalsecurity wrote about a big warning dialog box that popped up:
"Being a curious soul, I agreed to the install"
Similarly, if you are browsing along and you click on an EXE, Firefox will warn you and ask if you want to open the file. If you decide to do something stupid, you pay the consequences.
-
Firefox Spyware infects IE?
http://www.vitalsecurity.org/2005/03/firefox-spyware-infects-ie.html
What if there was an infection out there that could bypass Firefox and still get its grubby little paws on IE, and from there, the heart of your OS? What if that same infection could get past not only FF, but a whole raft of other (supposedly more secure) browsers too?
What if, of all people, Neil Diamond was indirectly involved in this craziness?
The answer is, some sneaky coding is being used to get around your browser of choice. Upon visiting the target website, nothing happens. Nothing that is, unless you have Sun Java Runtime Environment installed on the host machine. And seeing how everyone is being urged to turn away from Microsoft's Java in favour of Sun's version, this could spell problems for browsers currently lording it over IE.
-
Re:It'll be better
http://www.vitalsecurity.org/2005/03/65mb-malware-install.html
You mean this?
Y