Slashdot Mirror

← Back to Stories (view on slashdot.org)

New, More Destructive Love Bug Variant

Posted by CmdrTaco on from the brace-yourself dept.

Everyone and their brother wrote in to say that a new and more destructive version of the ILOVEYOU virus has hit the net. Instead of deleting on a few files, this one deletes every file not in use. And even more amusing, rather then using a hardcoded subject line, it uses the host's email archive to cause the subject to change while it propogates. Intelligent mail client users continue to be unaffected (although the ILOVEYOU sympathy virus has been annoying the heck out of us for days now... it works on the honor system: Please delete some files and mail to all your friends).

14 of 404 comments (clear)

  1. If you want to see something scary . . . by Straker+Skunk · · Score: 5

    . . . check out this file, on the Samhain project. This is basically a polymorphic-stealth worm system, that was developed as a proof-of-concept (and was never finished).

    It's cross-platform (as in, Unix and NON-Unix), it goes really far to evade detection and analysis (not to mention removal), and the freakiest part of it is, the whole system was designed to work in a distributed, intercommunicable fashion ("wormnet"). It's scary shit. Especially an observation the lead programmer makes near the end-- "sure, we didn't release this, but what if some other intelligent but deranged programmer out there has?"

    --
    iSKUNK!
  2. Here's a NEW idea: by paRcat · · Score: 5

    Why don't we start taking the usefullness of a virus back?

    What I mean is, why doesn't someone write a virus that does good? It could auto-run and disable all of the cheesy security holes that MS hasn't fixed yet. It could spread like a worm, and just go on a rampage fixing problems.

    Why must virii always be bad?

    1. Re:Here's a NEW idea: by Wanker · · Score: 5

      This topic comes up in virtually all intelligent virus discussions. In summary, it is not a good idea to use viral properties, even for something useful. I refer you to item F7 in the comp.virus FAQ (circa 1995):

      A very hotly debated topic that has flared-up dramatically several times in Virus-L/comp.virus. The answer to this is not simple and largely hinges on your definition or interpretation of the term computer virus.

      By definition (see B1), viruses do not have to do something "bad" (although many people argue that the uninvited "resource wasting" that is almost inherent in viral activity is necessarily bad). From this point (and based on his somewhat esoteric definition of the term computer virus) Fred Cohen has argued that "good" or "useful" computer viruses are a serious possibility. In fact, Dr. Cohen offered a reward of $1000 for the first clearly "useful" virus--despite several potential claimants, however, he hasn't paid up.

      Although there has never been a position that was widely agreed upon as a result of any of these discussions, many contributors to this forum believe that there are serious problems with the idea of implementing useful computing functionality through self-replicating programs. Vesselin Bontchev's paper originally delivered at the 1994 EICAR conference, titled "Are `Good' Computer Viruses Still a Bad Idea?", is available by anonymous FTP from ftp.informatik.uni-hamburg.de (IP = 134.100.4.42), as pub/virus/texts/viruses/goodvir.zip. *Anyone* wishing to raise this discussion in Virus-L/comp.virus again should read and carefully consider this paper before posting. It contains many strong arguments against the idea of "good computer viruses", and some prescriptions of how good viruses would have to be implemented and distributed to deserve the label "good". To date no strong arguments countering the points in this paper or otherwise arguing in favor of the concept of good viruses have been posted to the group.

      The summary of points made in this paper are:

      1. Lack of Control
        Even features such as defined lifetimes, central verification, etc. can't control self-replicating code perfectly. It is very easy for viruses to "get away". A great number of the viruses in the wild started out as merely research projects and were never intended to be released.
      2. Recognition Difficulty
        Allowing one program which has viral properties through one's defenses makes it easy for other programs to exploit the same hole. It's hard to tell when a "good" virus is doing its work versus a "bad" virus.
      3. Resource Wasting
        The process of infection will use up system resources-- what happens when the program hits a host that has few resources to spare?
      4. Bug Containment
        What happens if you discover a bug in the viral code? How do you update all the installed copies?
      5. Compatibility Problems
        The software could break certain systems while it works fine on others. This could make for difficult-to-track problems.
      6. Effectiveness
        There are always increased risks with viral code, and they can't do anything that nonviral code couldn't do with lower risks.

      Vesselin even goes so far as to describe some mechanisms to help mitigate the above problems, but the crux of the story is that it's still simpler and safer to rely on non-replicating code.

      There are some examples of failed attempts at "good" viruses in Vesselin's brief. They include The "Anti-Virus" Virus, The "File Compressor" Virus, The "Disk Encryptor" Virus, and The "Maintenance" Virus. Some of these same ideas have been brought up in this very Slashdot discussion.

      Amazing what history can teach. Damn, I'm starting to feel old...

  3. Re:When will microsoft users learn? by mackga · · Score: 5

    You can get a freebie add-on from:
    Nemx called Power Tools. It runs as a service under exchange and allows stripping of attachments via extensions.

    --

    "shop smart:shop s-mart" ash

  4. Here'e the real problem by HomerJ · · Score: 5

    The real problem here with these kinds of things isn't just Outlook. Or just moronic users.

    The whole security system in Win9x is flawed. Windows9x was never intended to be on a network. Win98 is just a rehashed version of Win95, wich is just a rehashed Win 3.1. Single user OS's that had "root" access everywhere were fine in the early and mid '90s. That's not the case anymore. Now that everyone is hooked up to the itnernet, and other people have access to these single-user OS's such as Win9x. it's didn't matter that you had "root" back in the day, you were the only one using the system. Now many people can run code on you computer. Be it a vbs, java, etc.

    A *nix variant doesn't have this problem. Unix was deigned with networks and network security in mind for over 30+ years. I couldn't if I tried to screw up my system like these vbs files do to Windows computers.

    Even Win2k security is lax. For instance, how many times does a typical linux install(be it Redhat, Debian, or anything else) go "DON'T USE ROOT AS A USER!" and foces you to make a regular user account? Now look at Win2k's installation, that gives you your user name with admin. privs.

    If Microsoft really wants to stop stuff like this, they need update their entire network security model to the 21st century....or at least the 1970's. Windows9x was not designed to be on a network. That's the reason it has no security. "access zones" and what have you in programs like Outlook are just a cheap hack to hide the real problem of the Windows security model. The problem being, it wasn't designed to have one.

  5. Re:I'm curious... by iCEBaLM · · Score: 5

    You can't possibly consider a virus writer to be an artist? I'm sure that some of code they produce is elegant, or at least quite advanced and technical. But to call the result of that work 'art' is just fallacy.

    Unfortunately, destruction is creative.

    -- iCEBaLM

  6. I'm curious... by Psiren · · Score: 5

    Do any virus writers read Slashdot? And if so, would any of you care to explain *why* you do it? Ignoring the simple macro viruses, some stuff, especially the polymorphic ones are incredilbly clever pieces of code. Why put that talent to waste?


    Now weary traveller, rest your head. For just like me, you're utterly dead.

    1. Re:I'm curious... by segmond · · Score: 5

      You can not tell an artist that what he has produced is a waste just because you do not understand it or find it useful. There is some excitement in creating something that is sort of "alive". I have seen very smart virus writers, crackers and shit, and they are very clever, but don't think by putting them into a different environment, they will start cranking out really impressive code. Nah, they have the ability, but what drives them to write their viruses or crack a software is probably not what drives them to write "productive software". As a matter of fact, they probably feel that their viruses is an utilization of their talents.

      --
      ------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
  7. Procmail filter to protect your users by qi3ber · · Score: 5

    I posted this filter up on freshmeat as well, but now that there is a more destructive version of this floating about, it should be distributed more. All you admins who are using procmail can add these two rules to your global procmailrc to prevent the execution of .vbs attachments to email messages. The email isn't deleted, just that the files extention is changed so that it will not execute on the end users system.

    :0 Bf
    *!^X-Loop: viruscheck
    *^Content-Disposition:[> ]+.*[Aa]ttachment.*\.[Vv][Bb][Ss].*
    |/usr/local/bin/sed -e '/Content-Disposition:/{N; s/filename=\(.*\)\.vbs\(.*\)/filename=\1.vbs.txt\2 /i;}' -e '/Content-Type:/{N; s/name=\(.*\)\.vbs\(.*\)/name=\1.vbs.txt\2/i;}' | /usr/local/bin/formail -i "X-Loop: viruscheck"

    :0:
    $ORGMAIL

     If you have any questions, please feel free to contact me about it.

  8. Warning: ILOVEYOU virus spreads to Unix systems! by babbage · · Score: 5
    received in my mailbox recently:

    -- forwarded text begins --

    This is the Unix version of 'I Love You' which works on the honor system.

    If you receive this mail, you should delete a bunch of GIFs, MP3s and binaries from your home directory, then send a copy of this e-mail to everyone you know.

    -- forwarded text ends --





    --
    DO NOT LEAVE IT IS NOT REAL
  9. We need more tecnological diversity... by jonr · · Score: 5

    If I may quote my favorite CEO: "Pursuing the biological simile, observers pointed out another problem caused by Microsoft's monopoly: the lack of genetic diversity in the PC ecosystem. Because PCs and their software are too similar, one noxious automaton can do much more damage than would occur if we had several alternative life forms.
    This argument deserves closer examination. True, BeOS, MacOS, and Linux users were not infected by the Love virus. Had each system had 25% market share, a single virus could only infect 25% of the population."
    The ILOVEYOU virus is kindergarden stuff compared to what a real programmer could really do if he/she put their mind to it, but since experienced programmers are (most of the time) fairly matured individuals, but it would only take one fairly good hacker to release a plague on the world...

  10. You think that's bad. by basscomm · · Score: 5

    Check out the virus warning I recently came across:

    Pay close attention to this warning!

    If you receive an email entitled "Bad-times," delete it immediately. Do
    not open it. Apparently this one is pretty nasty. It will not only erase
    everything on your hard drive, but it will also delete anything on disks
    within 20 feet of your computer through the use of subspace field
    harmonics. It demagnetizes the stripes on ALL of your credit cards. It
    reprograms your ATM access code, screws up the tracking on your VCR and
    uses subspace field harmonics to scratch any CD's you attempt to play. It
    will program your phone auto dial to call only your mother-in-law's
    number. This virus will mix antifreeze into your fish tank. It will drink
    all your beer. (For God's sake man are you listening?) It will leave
    dirty socks on the coffee table when you are expecting company. It will
    replace your shampoo with Nair and your Nair with Rogaine, all the while
    dating your current boy/girlfriend behind your back and billing their
    hotel rendezvous to your Visa card. It will cause you to run with
    scissors and throw things in a way that is only fun until someone loses an
    eye. It will rewrite your backup files, changing all your active verbs to
    passive tense and incorporating undetectable misspellings, which grossly
    change the interpretations of key sentences. If the "Bad-times" message
    is opened in a Windows95/98 environment, it will leave the toilet seat up
    and leave your hair dryer plugged in dangerously close to a full bathtub.
    It will not only remove the forbidden tags from your mattresses and
    pillows; it will also refill your skim milk with whole milk.

    *********WARN AS MANY PEOPLE AS YOU CAN.*********

    Hope I don't get that one.

    --
    http://crummysocks.com
  11. Re:Who will be the hero... by ucblockhead · · Score: 5

    A less drastic action:

    (For those forced to do Windows/Outlook.)

    My Computer
    -Tools
    -Folder Options
    -File Types
    -VBScript Script File
    -Advanced
    -Click on "Edit" in the list box
    -Set Default

    After you do this, the default action for a VBS file is to edit it in notepad. (And you can still run it by right clicking and selecting "open" from the menu.)

    Repeat for any other dangerous filetypes.

    --
    The cake is a pie
  12. Linux is at fault here... by finkployd · · Score: 5

    Hear me out. Linux is Microsoft's main competition right now. Because of this we are forcing them to "innovate", something they would usually avoid.

    Now if MS Bob has taught us anything, Microsoft is not a company that should be innovating. When they do, they don't come up with things like "better security" or "stability", they come back with "talking paperclips", and "throw in every usless feature we can think of, memory footprint be dammed".

    Unfortunatly, they also come up with the bright idea of executing email. Now MIME attachments aren't enough, they want you to be able to run/open attachments right when you get them (presumably to make sure you EXECUTE .exe files to make DAMN SURE you read any EULA contained within). This sounds like a good idea to people who believe renaming directories to folders made computing possible for the common man, but security wise it's like vigorously shaking a package from the Unibomber.

    So my friends, we are to blame. We pushed them into frantically trying to invent "necessary" features to stay on top, and look where it got us. Many of us are watching our beloved mail servers go down under the strain and rebuilding our company's PC because of our pointless competition with Micosoft.

    I implore you all, please just drop this Linux thing before Micosoft innovates again.

    Finkployd