The Next Generation of ILOVEYOU: The Porn Worm
Erik Green writes "I've been sent a new semi-benign ILOVEYOU variant - it's got a subject line of "Check this" and consists of a one-line message and an attachment named LINKS.VBS. Its only purpose other than self replication is to add a link to a XXX site to your desktop. The attachment is a self-replicating script that copies itself to all network drives and sends itself to everyone listed in Outlook's address book. This variant is interesting since it's partially encrypted to obscure its purpose. It's nice enough to ask if you want the shortcut added to your desktop, but it doesn't ask about replicating itself. It's basically a trojan advertisement. Fortunately, it doesn't delete any files.
Needless to say, only machines that run Outlook and have Visual Basic scripting available are vulnerable."
Yes, it's true. Though it is far from a new thing - it's been around for about a year now.
So now Cyber Patrol will have to add the Windows Desktop to its blocked site list, right?
THAT should teach Microsoft to integrate its browser with its OS...
- Michael Cohn
-----
Go ahead, blame me... I voted for Nader!
Actually that's not such an unusual idea. I have often discussed this theory with a number of professionals, always with the same scepticism. But consider it this way. Users (the end user kind) are notoriously inept at upgrading. If there were a way to write upgrade software distributed in a virus vector it might reduce your workload. MIGHT, that is.
... sigh !
I even played with the concept in my earlier code days. Having written a client/server app that passed patches between computers it could find on its network where the computer was running the client. And did not inform the user.
Still I suspect the whole concept is considered disgusting and not worthy
And that's why firecrackers and kittens don't mix.
The short answer is that most flavours of Unix, including Linux, don't have much to worry about from the current crop of viruses. This may change in the future, but due to the architecture of Unix it is more difficult for viruses to propagate or to really damage a system.
The long answer is "it depends". Details as follows.
Viruses and trojans that are embedded in Word documents, Visual Basic scripts, or the like have no effect under Unix, because most Unix systems don't process Word macros or Visual Basic scripts. Thus, most of the crud that has been affecting Windows users has been completely unnoticed by Unix users.
If you are sent an executable, or fetch an executable yourself, and run it, it can modify anything that you have permission to modify, even under Unix. This means that a trojan executable, if you run it, could quite easily destroy all of your files - but not the files of anyone else using the machine, and not the operating system files. In principle, a trojan could also access any facilities that you have access to; this means that a sufficiently clever trojan could mail itself to other people from your account. However, it would have a harder time finding addresses to send itself to (maybe scan ~/mail and
A true virus is capable of infecting arbitrary executables, which themselves will contain the virus and infect other executables. While in principle this could be done under Unix, the virus would again be limited only to executables that you have permission to modify. System tools would not be affected - you couldn't infect "cp" or "ls", for instance. Distribution would also be curtailed, as you don't usually send executables to your friends; you send them a source tarball, or point them to where they can download an executable. So, while something like this could be done, it wouldn't be as devastating as it is under Windows or DOS.
Social engineering remains one of the biggest threats under Unix. It means, simply, convincing a user to do something harmful. In the case of email viruses, the virus must convince the user to open the attachment. Heaven help us when inexperienced users have root access; a virus could simply tell you to "su to root and run this install script" to have devastating impact. This will probably be one of the biggest threats in terms of viruses under Unix.
The idea of a Linux email worm is so interesting that I'm tempted to write one. Must... stay... good...
The Turkish trojan. ;)
--
There's another "legitimate" portal site called Go Hip! that also uses viral advertising.
If you use Outlook and Explorer, the virus will add another "toolbar" to your browser (which only contains banner ads), and attach an advertisement for itself onto the end of every email you send out. The program does all of this without the user's knowledge or permission.
I would normally call this just merely annoying except for the fact that it is impossible to uninstall it via any normal means. I removed it from my registry, but it just copied itself back. The only way to remove it is to dig deep in Go Hip!'s customer service page and run a "remove" utility.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Wow, a free app that adds a shortcut to a porn site on my desktop and generously tells all my friends and coworkers. That's not a bug!
Geoff
That's Ken Thompson's exploit you are referring to. It's in the Jargon File and elsewhere too.
I can throw myself at the ground, and miss.
Links.vbs predates ILOVEYOU. It scans net blocks looking for open shares and replicating, and was out there in early 2000 at the latest.
You didn't, by chance, click on the "download browser enhancement" link, did you?
I've got IE5 and Outlook2k on my Win2k box... and nothing happened by just looking at the site. Are your IE security settings set to "bend me over again"?
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
...but rather a precursor. It's almost a year old. Details here.