Gnutella VBS Worm
TRingstad writes: "ZDNet has an article about a new worm infecting Gnutella users. The worm changes the gnutella.ini file to accept VBS files and places 23 Trojan files in the Gnutella download directory so that others on the network may find them. It then creates a 'victim' file with some statistics on what generation of the worm infected the user and on what date. Finally, it copies a warning, 'If I was a naughty boy, I could use scripting to get name, email, whatever file I want.'"
I agree with the user in this situation. I should be able to open any e-mail I receive, and my mail reader sure as hell shouldn't be executing any code in that email without asking me first.
I receive unsolicited e-mail all the time, and I feel free to open it in mutt, because I know that embedded executables are not going to be run.
The user in this situation is absolutely correct. They're running under the assumption that just *looking* at an email should never be dangerous. They're assuming not only that nobody would write a mail reader stupid enough to execute code without asking, but that if anybody did happen to write such a stupid program, the tech support department where they work would never allow such a program to be loaded on everybody's machine.
In a sane world, that would be a good assumption...
This is the way I see it. And this isn't only about the Gnutella Worm, it's about viruses in general. In any truly free system (free as in free speech, of course), you can not fully prevent one person from causing harm onto another. You can restrict the system, create more restrictions and secure, but then some freedom is lost. That is because freedom relies upon people who choose not to cause harm onto other people.
In a specific sense, this guy who created the worm is only exploiting the freedom he was granted. Thus people start locking down and all of us lose a certain amount of freedom.
There is a very good reason why we dislike people who pull these kind of stunts. It is because we know that if we invested that kind of time and effort in creating a virus or worm, we could do it. But we don't. Because we want to keep our freedom on the internet. Because we know that no one ever said we couldn't cause harm to other people's systems. Because as long as we have freedom, we *know* we can cause harm. But we don't because we are moral beings.
The Power of Freedom is directly our ability to influence others and ourselves. If you can't see this---if you only see the internet and other users of the internet as some sort of game, then you do not deserve the little freedom we have left.
Time for a little maturity (speaking from a 17 year old :)
You can get basic to work in Linux. I forgot the name of the program, but IIRC it was on Slackware 3.5. I bet you could port visual basic to Linux, and then set the permissions to 4755 with owner root for the runtime interputer, that should work.
I think most people figure it like this
GNU == Unix
UNIX == GNU/Linux
GNU/Linux == Linux
(GNU *anything* || anything OpenSource) == Linux
which I am not claiming it is right, but when I first heard GNUtella, I thought it was a Unix program from the Free Software Foundations...
What does the "tella" stand for anyways?
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Seriously though, if Microsoft wanted to make it more security, give it user permissions like Unix,
NT has those permissions. For Win9x to have them, they had to change the file system (FAT) and some other things, breaking their whole we-remake-DOS-once-a-year-and-you-better-buy-it compatibility. So, nothing will change.
sure. it's right here.
Actually it is a good exercise. It seems that after a while people would learn to be more careful.
You should clarify that.
Doesn't happen on your *nix box.
--
Big deal. I conducted an experiment: a user gets a file that says: This is the Unix version of "I Love You" which works on the honor system. If you receive this mail, you should delete a bunch of GIFs, MP3s and binaries from your home directory, then send a copy of this email to everyone you know and then click on the following link: click this in order to increment the count of systems that this virus had spread to. Thank you. ----- The worst thing is that in less than a week over 480 clicks have been recorded!
You can't handle the truth.
People have to be told that "You just don't run stuff from an untrusted source."
And by "trusted", you have to specify not just "I know this person and he doesn't want to hurt me maliciously" but also "I trust whatever he's running on his system not to hurt me". The recent Outlook worms et al have demonstrated that any idiot running an insecure system can spread all sorts of nasties to his friends and colleagues, who normally trust him.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Can this really be classified as worm, since it has to be downloaded by other users? Also, how does this go about making users download it?
Is it just me or is this the first one out there that actively warns people about what it can do? Perhaps people will wake up finally.
This could easily have been a lot worse -- the author could have trashed the systems of victims. However, it is simply a warning created to illustrate a serious security hole. Kudos! This is the ethical side of hacking that was always encouraged by the community as I was learning.
And spare the "hacker v. cracker" definition wars -- IMO, crackers are malevolent, and the author of this worm is certainly not.
--
We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
Is it an underground effort by the Linux zealots to undermine Windows? Is it a cunning ploy by Micro$lop to get people to buy W2K?
Or is it the anti-virus vendors drumming up sales?
Or am I just paranoid, and it's all coincidence?
Strong data typing is for those with weak minds.
VBS is good just as any scripting language is good. You can script in it. I won't go as far as to say it's as good as Perl or other scripting languages, but it's used for similar purposes. Inherently, VBScript isn't bad. It's no worse than any other scripting language. The problem is a combination of things, mostly OS and OS settings.
Why, again is it stupid? I know it is stupid but, why?
I think people are misunderstanding this situation. Some are saying that if Gnutella were opensourced, a problem like this wouldn't exist (for various reasons.)
This is incorrect. First of all, Gnutella's network protocol (half of which is based on HTTP) is documented, and a variety of both open and closed source clients exist.
This trojan doesn't use any kind of a backdoor in Gnutella technology. Rather, it's spread by the users themselves. They download a file (like 'collegesex' or whatever), which is actually a .vbs script, double click it, and then the trojan does its stuff.
So, this is no problem with Gnutella. It's just users who don't have a strong enough security background, and who can't discern scripts from other types of files.
This can happen to anyone, on any OS. Just so happens that Microsoft's are the easiest to use, and generally have the users that would fall for it.
Hope this clears up some misinformation. Guys/girls, please try not to jump to conclusions about everything (like how open source would have prevented this.)
Pete
Naturally the idea was a complete non-starter. The whole reason they used Outlook in the first place was so they could send each other pretty HTMLified mail with, like, colours ! and fonts ! and stuff; plus they were always mailing 100Mb Excel and Access docs around to each other.
Camaron de la Isla 'When I sing with pleasure, my
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Compatibility with Excel spreadsheets is the main reason, I heard.
Do you use spreadsheets a lot?
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
I think it's because the Beatles were already the second coming, NKOTB was the third, and the Maurice Star boy groups (the Bel Biv D'Jours) kind of muck up the numbers from there.
Maybe we need, like, a Sony Music Corp Voice of a Generation, and a Warner Brothers Voice of a Generation, a Geffen Voice of a Generation and so on. That way it'd be easier to keep things straight.
Gnutella doesn't have much in the way of authentication or signatures for the files people download. That isn't a problem for MP3's--if you thought you downloaded Metallica and you get Pocahontas instead, nothing has been damaged. But for executables and some kinds of documents, it's a big problem.
I have developed a simple test to check your virus and computer IQ. You get entered into a drawing for a $1000 bill, just for entering.
To take the test, press Alt+F4, now.
-- What you do today will cost you a day of your life.
Be smart, don't run anything from an untrusted source without checking it first.
Isn't all of Gnutella pretty much an untrusted source?
Also, how would I go about checking a binary file I downloaded to make sure it's what I think it is and not an insidious worm? Size could be a clue sometimes, but not all the time, especially if the programmer is smart and names it to look like appropriately sized binaries. Would virus protection software catch something like this?
I remember when the CIH virus came out, I thought to myself "Dam that is pretty cool". I am not malice and I am sorry for the people that had their bios flashed cause of this, but you got to admit, that is at least (if nothing else) an interesting payload, compared to say "format C:
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Some come with source. My favorite so far is gtk_gnutella that I run on Linux.
The one problem I notice with Gnutella is that if I leave it running for a while - even idle - I will eventually need to reboot my cable modem.
You will need an initial host to begin connecting to GnutellaNet. One is always shown on the Gnutella home page.
-- Could you use my software consulting serv
I think news stories about attacks are like news stories about any calamity. Earthquakes, terrorist activity, droughts, illegal-alien smugglings, LAPD scandals, whatever.
There isn't really a larger number of tornados per year, looking at the big picture. There are more people, settling in more areas, so more people reporting heretofore-unseen tornados.
If a couple stories are on the same topic in a short time, a news service will develop a "focus" on such stories, and will pick those out from the newsfeeds like Associated Press.
When it comes to people-induced tragedy, the news stories generate a lot of copy-cats. Columbine, Melissa, Oklahoma City, the list goes on.
The fact that the news services sensationalize the stories, with big numbers ($5 billion cost, blah blah), it's worse. Those big numbers are what businesses are putting in their claims forms for insurance claims against lost business, whether they really lost that much business or not.
They say don't download/run anything from a source you don't trust ... the question is, why develop a client to interact on a GLOBAL, utterly anonymous peer to peer file sharing network if you can only download stuff from people you KNOW and TRUST?
It's kinda like saying ... "use this product to get access to files you never would have dreamed of, but don't ever download or run anything you can't get from a local friend."
Kinda defeats the purpose doesn't it? Rather, it illustrates the inherent weakness in this whole system and how people's desire to steal software overrides their common sense of not dealing with anonymous users you can't trust.
If someone on the street offered you an opened Coca-cola, who would be stupid enough to drink it? Change the Coca-Cola to Mad Dog 20-20 and almost any alcoholic would drink it showing that common sense is often thrown out the window to get what we think we want/need but what in a lot of cases is not good for us puts us (and in this case, our computers) at serious risk of harm.
microwave started with nothing inside it
Although using the nuker "empty" is not very good for it, it won't damage it either just from one time.
drying paper towels in the microwave which then catch a light when you take them out
Yes, the nuker is indeed a great tool when you run out of matches. Other ways include: pencils (pretty quick), bread (leave it in for a couple of minutes), chocolate (black chocolate works best: wait til it melted, then leave it for one more minute). Pencil mines are interesting too, but you need something disposable to prop them up against.
And the classic: eggs (no fire, but count a quarter of an hour's work to clean away the mess), soap (use a very small quantity, unless you have a really large nuker).
Say no to software patents.
Umm. I can do the same thing in netscape and ncftp.
"...and you ran it as root, you'd delete pretty much everything on your system."
Why would I do a stupid thing like that? Give me *some* credit, will you?
I just thought there was something special about IRC clients, like maybe letting many people on IRC know my IP address when I run as root or something.
Back when I read alt.comp.virus regularly, it was understood that VBA stood for virus builder's assistant.
People keep accusing Microsoft of making low quality products, but VBA was a major improvement from NuKe's Virus Creation Labs.
If someone does make one, I vote for the name "IHATEYOU". Just remove "Windows scripting host" and associate the
But then again, you are still accessing someone's computer and changing someone else's data without their permission. Which even if your heart is in the right place, still might get you in trouble with someone.
Plus what would happen if your script had a bug in it? Also should companies be allowed to "worm hole" hot-fixes into your computer without your permission? When the new service pack 6 screwed up some Lotus mail program, do you think IT managers would be happy that Microsoft automatically "fixed them" without permission?
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
I actually came across an example of this just now. I was searching for some live recordings from a San Francisco radio station called KFOG, and found a file called " kfog.html" (yes, with the space out front). If you open it, it redirects you to a web page, which then sends you to a porn site (well, it would have sent me to a porn site except that the person mistyped their own IP address in the file :) ).
Yeah, a great way to get back at them sharkz: lay out boobytrapped Metallica filez: they'll catch the flu, and hopefully learn the lesson that it's better to leave us geeks alone.
Say no to software patents.
I know this, that is why I said for the runtime interputer, ok so it is spelled wrong, but you should still be able get the point of the post with a couple characters misplaced.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
which I am not claiming it is right, but when I first heard GNUtella, I thought it was a Unix program from the Free Software Foundations...
What does the "tella" stand for anyways?
Nutella is a chocolate spread that comes in a jar, akin to peanut butter. It's quite rich chocolate, very sweet.
GNU + Nutella = GNUtella
-- iCEBaLM
Second, be very grateful the author was nice enough to make this a benign bug.. it could have had CIH as its payload.
If I were a naughty boy, I would use scripting to get name, email, or whatever file I want.
Gates' Law: Every 18 months, the speed of software halves.
- The "worm" only works if Gnutella is installed in the default directory, "C:\Program Files\Gnutella\". Since Gnutella doesn't use the registry or any other system-wide config files, it is fairly hard to pin down where it is installed. (One way, of course, would be to look at the Start Menu shortcuts, but those are optional as well. Maybe in version 1.2. <g>)
- The user must search for the files with the particular names, download the file, and then execute it. The "worm" does not self-propagate. In fact, I'm not sure if it is even a worm. It seems more like a trojan to me. I think that the reports are automatically labeling anything written in VBScript as a worm.
- Obviously, it rarely has an effect on any of the clones, since they don't use the same config file structure, and they usually aren't found in "C:\Program Files\Gnutella\".
There we go, that should reduce the hype a little bit... or maybe not.--
If you check it there is no official gnutella for linux just clones and linux doesn't deal with vbs or ini files. Get it right before you decide to rip on something you don't know about Beave
The Beaver The Best Things In Life Are Free And So Is Linux!
I am not turning this into a whole OS security model vs stupid user war.
If my grandparents get infected with a virus, worm or buggy program, guess who gets to clean up the mess? Me. I am trying to put some basic sense in their heads so I don't have to go over there and restore it.
If they were running Unix or anything else I would say "Hey when someone says try `rm -rf
I don't know or really care if it is the fault of the user or the security model of the OS, the only thing I know is that I don't like restoring a computer from OS up when it could be prevented with a few precautions (in this case information the user)
Me sending them that program is my way to "test" them, you know those fire drills you had in school? that is what I am trying to do, it is interesting to see users reactions, but that isn't the point.
The point is, when they have a fire in their house they will make it out alive, err I mean when there is a virus in their house they, the point was, as I was stating is so that they know how to use fire to kill any virii that may be infecting their house due to biological warfare started by malicious computer users...
As with any system (strong security policy or not), you have to inform the users for the strengths and weaknesses of the system. Even if you have an extremely secure system, if you post the username and password to anyone, it becomes as secure as an overweight high school girl going to a dance...
I am trying to stay away from the "stupid user vs insecure OS" war going on, but I think both sides agree that the user needs to be informed of basic security measures. A Unix system can be secure till Bob posts the root password on irc...
To test this theory someone please post their root password and ip on slashdot.
(technically if it was behind a firewall and had tcpwrappers installed and telnet/ftp/etc disabled it still could be considered secure)
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
And I quote, from the Gnutella home page:
"Some reports have been circulating in some of the online press about a 'Gnutella Worm'. This 'worm' does not exploit any weaknesses in gnutella itself, but rather weaknesses in the Windows operating system and more importantly, the user. This 'worm' will not affect anyone who doesn't manually download it, and subsequently manually run it. Gnutella does not execute any files it downloads. Be smart, don't run anything from an untrusted source without checking it first. This is an exploit of human gullibility and a weak operating system, nothing more."
Gnutella powerful, humans weak. Grunt, grunt.
John S. Rhodes
WebWord.com (Usability Vortal)
How to Download YouTube Videos
I do like the ironic sense of humour that the "victim" file has. The fact that one can use the features of Gnutella to go and see how many people have been infected by the worm is pretty original. However, as worms go, this doesn't seem to have been particularly effective at replicating itself.
"Give the anarchist a cigarette"
A little planning goes a long way...
What makes you think you're so superior a computer user? Ohhh, wow you can type things on a command line. That is really excellent, you ought to be commended. Oh wait a second, The command line is an interface to give the system instructions, not to actually process data. Raw power in a few lines of code, you would be hard pressed to do anything worthwhile merely from a command line. Moving files and writing the output of ls to a text file isn't my idea of raw power. Under your logic cars ought not have power steering or ABS brakes because people ought to learn how to live without them. Everyone ought to spend their time at home in front of a glowing screen like you do so they too can understand computers. Doesn't it suck to be a 45 year old virgin though?
I'm a loner Dottie, a Rebel.
Then it'll get downloaded tons. I wonder if this is how Napster users were snagged?
yours is based more on the generic Slashdot "Microsoft sucks, Linux rules" viewpoint.
Really? Please re-read my post and find either the words microsoft or linux. For that matter find a reference to ANYTHING vendor specific except VB. I was not attacking the language, only saying that this virus is not a gnutella specific virus, it is a visual basic virus. Sure it could be written in a bash script but then it would be a bash virus. All I was doing was classifying it.
It seems there are two kinds of extremes on slashdot. Those who claim Linux is the end all of computer and that microsoft sucks, and those who never fail to attack anyone and everyone of harboring that viewpoint. I believe in your zest to paint me in that light, you failed to actually read my post and just assumed I was trolling the "slashdot party line" as it were.
Finkployd
This is a really clever infection mechanism but it is hardly the worst problem facing Gnutella. Many servers simply house large numbers of files (with appropriate names) that redirect users to the owner's porn site or places a desktop link to said porn site. Many novice users will not think to check the file size and will end up with just porn advertising instead of what they were looking for.
I think this low signal/noise ratio is what is going to hurt Gnutella. Napster avoids this problem by only allowing MP3 files. If it is a worthless file, it will only open in an MP3 player and be found to be an invalid file. On Gnutella, the user could execute a file in the appropriate program--making novices all the more vulnerable to viruses and advertising.
ByteMyCode.com: A Web 2.0 code sharing community.
get your definitions right, people-this "worm" does not attack linux users. linux is immune to it. why? have you ever *tried* to run a vbScript in linux? it is not supported at all. plus, there isn't even an official linux gnutella client. i guess when people see GNUtella, they think linux. but it doesn't affect linux at all. now no more people can say "well, linux finally has a virus, ha ha ha!" because this doesn't have anything to do with linux.
In fact I hate to have to admit it but NT's permission scheme for files is far far more robust than your everyday UN*X.
I'm sorry, but this is just one more example of how [l]users make viruses possible. A Visual Basic script virus that needs to be actively run? Sheesh, I'd run it through a scanner and have a look at it before I ran it; Most sane people would! Even if they didn't know what they were looking for, I'm sure they'd recognise evil intent!
But all you hear is "nasty virus writers" from the mass-media, when it's stupid, stupid users to blame.. Reminds me of a lawsuit that started in a local BBS message board back in '87. Someone posted, in jest, that format c: would fix a particular problem. Two lusers tried it, formatted their drives, and promptly retained lawyers because they thought they could sue someone else for their own stupidity. Judge tossed it out, thank God.
.sig: Now legally binding!
My comment was intended to be neutral.
No offense meant or taken.
Visual Basic and Visual Basic Scripting are two different animals.
rexplorer.exe
instead of rsh
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
When I first was learning Linux, I got flamed a couple times because I was IRC-ing as root. Most IRC rooms ban people running as root, because it is well REALLY stupid to do. But what always made me mad, is sure they ban me for being stupid and running root, but they don't ban any Windows95/98 users. What is up with that?
I don't run any user programs as root, only su into it when it is needed for system admin tasks, but I now know why it is stupid. Really stupid.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Maybe I just read it wrong, but this is really kind of silly. You download something, then execute it. If it's malicious then you get screwed. Aren't there numerous FTP clients that allow you to execute what you've downloaded from within the client? What about IE 5.0? It allows you to execute the file you've downloaded from within the browser.
This is just another VBS trojan like all the rest. It's not Gnutella's fault. Or do I misunderstand?
numb
Every search you do through gnutella now comes back with an html page named [whatever-you-searched-for].html -- it's a page with javascript to load a porn site.
It's just ironic when you're searching for something like Zappa and you end up at a britney spears porn site.
Perfect metaphor for today's music industry. Last night during every commercial break Fox was touting britney as "The Voice of a Generation."
heh. heheheheheh. hehehehehahahahahahahBAHAHAHAHAHAAAAAAA
I was going to be a pedant and say that water didn't explode, but sense got the better of me and I found a definition of explode saying 'to burst forth with sudden violence or noise from internal energy.
Open Source. Closed Minds. We are Slashdot.
While the network can be used to exchange any files, most files are pirated copies of music and software or porn.
I thought the majority of file transfers on Gnutella were blueberry pie recipes...
This is not a Gnutella issue. It's a weakness in Windows, one that has been exploited time and time again via email. This 'trojan' just happens to propagate via Gnutella.
Oh, yeah. Kudos to the author. Novel delivery mechanism! Better than ILUVYOU and its attempt to spread via IRC!
.sig: Now legally binding!
... Here's what's really going on: Microsoft is releasing all these worms themselves. They are trying to position VB Script at the most Elite, rad cool, programming language on earth... used by all the "big" hackers, crackers, and hell, the phreaks too.. Since they couldn't come out and openly advertise a product designed for hackers (what with that pesky lawsuit and all) they advertise by example...
Yeah, that's the ticket.
When will Windows be ready for the desktop?
This is a UNIX email virus. It works on the honor system:
If you're running a variant of unix , please forward this message to
everyone you know and delete a bunch of your files at random.
Thank you for your cooperation.
< snip >
The only thing this Gnutella trojan can prey upon is an idiot user and there really isn't much one can do to protect against that.
But to be fair, it's basically the same old story from the old days when trojans, virii, and worms were distributed in .COM and .EXE files (for those of us who used DOS =) hell, there were even a couple .BAT trojans (not very effective but still)... you could download all you wanted and not a thing would happen until you ran them. Then again, that's what scan was for... =)
You could have the same story with *nix though. What's to stop someone from writing a program that wipes out a user's directory? Or a sneaky bit of code in a program claiming to need access to root? I suppose the reason it doesn't happen as much in *nix land is because the users are generally more competent than people accustomed to simple point and click on M$ stuff; and incompetent people generally don't get root. =)
I guess the point is, all it takes is someone dumb enough to run a script or program etc without checking it out. If you're not practicing safe computing, you'll get an STD (Stupidly Transmitted Disease).
Humorless sig goes here.
I see GNUtella as being 'open' by having the open protocol.
And by the way it's a damn easy protocol. Seems like being designed for hobby programmers, and I don't think that's bad.
The easier it is, the more likely it will get widely accepted.
Check the GNUtella protocol out for yourself
carlos
--
As a matter of fact, I am a lawyer. But I play an actor on TV.
Conscience is the inner voice which warns us that someone may be looking.
-- H. L. Mencken
What if it put this on Freenet? Does it become a Freenet virus?
How about on my web site? Then it's a WWW virus.
Yeah, and I'll make it an FTP virus, and e-mail virus, and usenet virus....
IT'S A VISUAL BASIC VIRUS!!!!! Wake up ZDNet!!!
It's a single file. It can be transmitted in any one of the millions of ways files can be moved from point A to point B (including sneakernet)
As long as there are people who repeatedly test how hot the stove is with their hand, see if a dog is nice by sticking their hand in its mouth and open vbs files on an operating system renowned for its insecurity, we will have this problem.
People simply don't learn from the past. There is not much you can do but smile and charge them $100/hour for onsite service to fix the problems they create for themselves.
Finkployd
Dialog of a true phone conversation held this morning:
(L)user: I just received an email titled: RESUME. Should I open it?
Support: Did you ask for this resume to be sent to you?
(L)user: No
Support: Do you know the person who sent it to you?
(L)user: No
Support: Do you get resumes as part of your job function?
(L)user: No
Support: Then please delete the email without opening it.
(L)user: Are you sure? I don't want to lose anything important?
Actually, I considered it a not so small victory for training that the user called, but it shows the point. The biggest security hole in any operating system will always be the carbon interface banging on the keys. Once these users get loose on any system, security becomes much, much more difficult.
The thought of possibly corrupting everyone's email must be weighed against the possibility of missing a funny chain letter... Anyone's guess who wins that one.
(And yes, I freely acknowledge that MS makes exploiting these poor creatures incredibly easy, but it's only a matter of time before they move on to linux and other OS's)
Of course I use Microsoft. Setting up a stable unix network is no challenge
There was something more interesting, though, that I discovered. Somewhere, someone figured out a way to take the search words that get sent out, and automatically create an HTML file from it. If you download it (as I have, a couple of times), thinking maybe it's an HTML file linking to some place that may have what you want, you'll find it's something else totally unrelated - somewhat akin to getting the xxx sites when searching for completely innocuous topics because they manipulated the search engines. Nonetheless, an unscrupulous (relatively speaking, given the nature of Gnutella, and because after all, who would complain?) could link to a site full of banner advertising or some such to get hits.
Here's how to disinfect yourself.
--- Hot Shot City is particularly good.
I mean ... with all the VBS files flying around when will somebody port Visual Basic Scripting support to linux. I am sick of having to run Windows just to get a VBS worm. Is somebody working on this already?
If you read the Evolution thread, they're adding VBS capability, but unlike Windows, they're keeping it in a sandbox with restrictions.
retrorocket.o not found, launch anyway?
Back in my day we didn't have any scripting language to code virii/worms in, we had to do it in hard code ASM, by hand, without an assembler, in the middle of winter, without power in middle of a frozen lake. Back then, there wasn't "documentation", we had to reverse engineer the processor to get the correct op codes, then write our own assembler.
Then when we wanted to run the file, we had to transfer it via 340K 5 1/4 floppy disk, we didn't have networks, the Internet or fancy hard drives.
Then once the floppy was in the user's machine, we had to call up and have the user run 4 different executables, this took a lot of social engineering.
Seriously though, who says Microsoft isn't innovative? If you wanted to write a virii/worm for DOS you needed ASM or C/C++, which is different for the typical script kiddie to understand. Hand someone a Visual Basic for Dummies book and within a week they have a worm that can propagate around the Internet within a matter of days. Thank you Microsoft for your weak security permissions and easy to use high power octane scripting language.
Seriously though, if Microsoft wanted to make it more secure, give it user permissions like Unix, but if they want to keep it easy to use, have a popup box when something (program/script/command) wanted to access/write/read another user's file and say "This program needs to run at a different user level: level foo, are you sure you want to run this?" and when they click "ok" it gives them a popup box to enter username/password for level foo and if they are entered correctly it runs the program with higher permissions. Easy to use and somewhat secure. Just have Unix or Unix-like permissions, with the ease of use of Microsoft's pop-up and dialog boxes, the user won't even have to touch the command line (btw command.com sucks compared to bash, and edit is pathetic compared to vi, I wouldn't wish Microsoft's command line interface on my worst enemy).
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
a) Manually select the file for download, with its VBS extension glaring in their face
b) Manually go into the Gnutella download directory and execute it.
In other words, if you get "infected" by this thing, it's your own damned fault.
I don't believe you'll find a less security-aware company on the face of the planet. If they did port Office to Linux I have no doubt in my mind that it'll need root privs, and include all the happy horseshit that's been getting Windows users infected for years.
You can keep MS and the viruses that come with them.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Here's a link to Network Associates' (makers of Dr Solomons' and McAfee VirusScan) technical info on the Gnutella Worm, which also contains a complete listing of all the filenames created by the worm. Eerily, it's virus number 98666 on their database.
Part of the kick of virus writers seems to be the enjoyment of watching your own code destroy people's machines. And that's just gotten tremendously simple since MS has opened up half the world's computers.
Think back to Robert Morris. Now that was a hack, and took significant skill. Nowadays, every two-bit script kiddie can tear mail servers up after half a day of perusing a book on VBS.
Propagation is simple these days because everybody's got e-mail and the apps and OS they're using are tremendously easy to infect.
...and I understand that it was cross-platform, too. Spread to MacOS and Novell Netware within a few hours.
Nasty.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I just tested this, I emailed my grandparents and told them to NEVER execute an attachment. I told them it was probably a worm or virus, went into the whole anti-virus/windows propaganda and told them not to even click on executables from people they know and exchange email with regularly and even trust. They understood it pretty well.
I wrote a quick, "Hello World" command line program in C, emailed it to them, and guess what, they ran it. I just told them 5 minutes ago that it would probably be a virus, did they question it? No, they ran it blindly.
It just printed the string "some one just told you not to double click on executables, if I virus or worm, you would have to restore from backup, do you even have a backup. Glad I like your mug"
They emailed me back saying "opps". I think they better understand now, the real test is when I email them here in a couple weeks and see if they remember then.
They aren't computer savvy, they chat with old army buddies via email and view cooking guides on the web, they are "normal users" and don't really have a concept of virii or malicious users, even when it is clearly explained to them. Sure they understand it, but do they practice it?
I am going to wait a couple weeks then email the same program from an unknown (at least to them) hotmail or yahoo email account and see if it "stuck" with them.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Anything that spreads Vacation Bible School files is a good thing, in my book.
MJP
Don't try that "protecting the children" shit you people use to keep the tits and bad words off my TV. --Seanbaby