Slashdot Mirror


Gnutella VBS Worm

TRingstad writes: "ZDNet has an article about a new worm infecting Gnutella users. The worm changes the gnutella.ini file to accept VBS files and places 23 Trojan files in the Gnutella download directory so that others on the network may find them. It then creates a 'victim' file with some statistics on what generation of the worm infected the user and on what date. Finally, it copies a warning, 'If I was a naughty boy, I could use scripting to get name, email, whatever file I want.'"

12 of 263 comments

  1. Ethical "Attack" by Proteus · · Score: 4
    Well, I'm glad to see that the "hacker's ethic" isn't dead yet.

    This could easily have been a lot worse -- the author could have trashed the systems of victims. However, it is simply a warning created to illustrate a serious security hole. Kudos! This is the ethical side of hacking that was always encouraged by the community as I was learning.

    And spare the "hacker v. cracker" definition wars -- IMO, crackers are malevolent, and the author of this worm is certainly not.

    --
    We may not imagine how our lives could be more frustrating and complex—but Congress can. – Cullen Hightower
  2. Conspiracy? by deefer · · Score: 4
    Is it just me, or are there more & more viruses/trojans crawling out of the woodwork of late?
    Is it an underground effort by the Linux zealots to undermine Windows? Is it a cunning ploy by Micro$lop to get people to buy W2K?
    Or is it the anti-virus vendors drumming up sales?
    Or am I just paranoid, and it's all coincidence?

    --

    Strong data typing is for those with weak minds.

  3. Re:Is this really a worm? by Misch · · Score: 5

    PamelaAndersonMovie.mov, collegesex.zip, MetallicaMP3crack.zip

    To quote the article, it is in files marked "Pamela Anderson movie listing.vbs, collegesex.vbs, Battlefield Earth.vbs, Napster Metallica Crack.vbs and NSync.vbs"

    Because of the way Windows works, you may see something like "PamelaAndersonMovie.mov.vbs", much like the ILOVEYOU virus had. But more often, Windows defaults to not showing the extension on .vbs files.

    Gnutella, though, will show the .vbs extension before you download. And think about it... would a good movie be only a few thousand bytes long???

    The problem is that the amount of common sense in the universe is a constant, however, the population keeps rising. This particular one can only really hit your system if you download and run it.

    --You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
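
Added example, not part of the thread or the ZDNet article: a Python check that applies the two tells from comment 3 to a search-result listing, namely a script extension (possibly hidden behind a media-looking one) and a size too small for the advertised type. The function names, the extension list and the size thresholds are assumptions chosen for illustration.

```python
import os

# Extensions that Windows Script Host runs on double-click.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

# Assumed minimum plausible sizes (bytes) for media types; tune to taste.
MEDIA_MIN_BYTES = {".mov": 1_000_000, ".avi": 1_000_000,
                   ".mpg": 1_000_000, ".mp3": 500_000}


def triage(name, size):
    """Return the list of reasons a search result looks suspicious."""
    # Win32 drops trailing dots and spaces, so "x.vbs. " still runs as .vbs.
    cleaned = name.rstrip(" .")
    stem, ext = os.path.splitext(cleaned.lower())
    inner = os.path.splitext(stem)[1]   # ".mov" in "clip.mov.vbs"
    reasons = []
    if ext in SCRIPT_EXTS:
        reasons.append("script-extension")
        if inner in MEDIA_MIN_BYTES:
            # Explorer hides the final ".vbs" by default and shows "clip.mov".
            reasons.append("double-extension")
    # The type the name advertises: the inner extension when one is present.
    claimed = inner if inner in MEDIA_MIN_BYTES else ext
    if claimed in MEDIA_MIN_BYTES and size < MEDIA_MIN_BYTES[claimed]:
        reasons.append("implausibly-small")
    return reasons


def scan(results):
    """Map each flagged (name, size) result to its reasons."""
    flagged = {}
    for name, size in results:
        reasons = triage(name, size)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample listing; names follow the patterns quoted above.
SAMPLE = [
    ("PamelaAndersonMovie.mov.vbs", 4_096),
    ("Battlefield Earth.vbs", 4_096),
    ("holiday.mov", 3_500),
    ("concert.mov", 41_000_000),
    ("NSync.VBS. ", 4_096),
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(f"{name!r}: {', '.join(reasons)}")
```
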
  4. Not a worm! by Signal+11 · · Score: 5
    A worm propagates automatically without user intervention - like the Great Internet Worm.. or, more recently, remote explorer. This is a trojan horse. Get your definitions right, ZDNet.

    Second, be very grateful the author was nice enough to make this a benign bug.. it could have had CIH as its payload.

  5. ...but remember, Gnutella isn't actually weak... by webword · · Score: 5

    And I quote, from the Gnutella home page:

    "Some reports have been circulating in some of the online press about a 'Gnutella Worm'. This 'worm' does not exploit any weaknesses in gnutella itself, but rather weaknesses in the Windows operating system and more importantly, the user. This 'worm' will not affect anyone who doesn't manually download it, and subsequently manually run it. Gnutella does not execute any files it downloads. Be smart, don't run anything from an untrusted source without checking it first. This is an exploit of human gullibility and a weak operating system, nothing more."

    Gnutella powerful, humans weak. Grunt, grunt.

    John S. Rhodes
    WebWord.com (Usability Vortal)

  6. Re:Gnutella is closed source, hence not secure by technos · · Score: 5

    This is not a Gnutella issue. It's a weakness in Windows, one that has been exploited time and time again via email. This 'trojan' just happens to propagate via Gnutella.

    Oh, yeah. Kudos to the author. Novel delivery mechanism! Better than ILUVYOU and its attempt to spread via IRC!

    --
    .sig: Now legally binding!
  7. Reminds me of this UNIX "virus" I received once... by pjl5602 · · Score: 4
    <snip>
    This is a UNIX email virus. It works on the honor system:

    If you're running a variant of unix, please forward this message to
    everyone you know and delete a bunch of your files at random.

    Thank you for your cooperation.
    <snip>

    The only thing this Gnutella trojan can prey upon is an idiot user and there really isn't much one can do to protect against that.

  8. Join the grassroots movement..... by carlos_benj · · Score: 5
    ... to reclassify .VBS extensions to stand for "Virus Building System"

    carlos

    --

    As a matter of fact, I am a lawyer. But I play an actor on TV.

  9. More interesting... by DeepDarkSky · · Score: 4
    I've used Gnutella and looked around for things, just typing them in, I was actually looking for the script of an animation film, and happened upon one of these files with the .vbs extension. Guessing that it must be some kind of VBScript virus, I downloaded it and renamed it to a .txt file and just looked at it using notepad (not that I really needed to rename it, but it was just to be safe, in case I accidentally double-click). It looked interesting enough, but I guess a lot of people do fall for it, even though the extension is not exactly hidden on it.

    There was something more interesting, though, that I discovered. Somewhere, someone figured out a way to take the search words that get sent out, and automatically create an HTML file from it. If you download it (as I have, a couple of times), thinking maybe it's an HTML file linking to some place that may have what you want, you'll find it's something else totally unrelated - somewhat akin to getting the xxx sites when searching for completely innocuous topics because they manipulated the search engines. Nonetheless, an unscrupulous (relatively speaking, given the nature of Gnutella, and because after all, who would complain?) could link to a site full of banner advertising or some such to get hits.

  10. asm by jbarnett · · Score: 5


    Back in my day we didn't have any scripting language to code virii/worms in, we had to do it in hard code ASM, by hand, without an assembler, in the middle of winter, without power in the middle of a frozen lake. Back then, there wasn't "documentation", we had to reverse engineer the processor to get the correct op codes, then write our own assembler.

    Then when we wanted to run the file, we had to transfer it via 340K 5 1/4 floppy disk, we didn't have networks, the Internet or fancy hard drives.

    Then once the floppy was in the user's machine, we had to call up and have the user run 4 different executables, this took a lot of social engineering.

    Seriously though, who says Microsoft isn't innovative? If you want to write a virii/worm for DOS you needed ASM or C/C++, which is different for the typical script kiddie to understand. Hand someone a Visual Basic for Dummies book and within a week have a worm that can propagate around the Internet within a matter of days. Thank you Microsoft for your weak security permissions and easy to use high power octane scripting language.

    Seriously though, if Microsoft wanted to make it more secure, give it user permissions like Unix, but if they want to keep it easy to use, have a popup box when something (program/script/command) wanted to access/write/read another user's file and say "This program needs to run at a different user level: level foo, are you sure you want to run this?" and when they click "ok" it gives them a popup box to enter username/password for level foo and if they are entered correctly it runs the program with higher permissions. Easy to use and somewhat secure. Just have Unix or Unix-like permissions, with the ease of use of Microsoft's pop up and dialog boxes, the user won't even have to touch the command line (btw command.com sucks compared to bash, and edit is pathetic compared to vi, I won't wish Microsoft's command line interface on my worst enemy)

    --

    "`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
  11. A point by Greyfox · · Score: 4
    This is why whenever anyone says wistfully that we need MS Office on Linux, you should kick them square in the nuts.

    I don't believe you'll find a less security-aware company on the face of the planet. If they did port Office to Linux I have no doubt in my mind that it'll need root privs, and include all the happy horseshit that's been getting Windows users infected for years.

    You can keep MS and the viruses that come with them.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  12. Re:malicious no, a moron,.. by jbarnett · · Score: 5


    I just tested this, I emailed my grandparents and told them to NEVER execute an attachment. I told them it was probably a worm or virus, went into the whole anti-virus/windows propaganda and told them not to even click on executables from people they know and exchange email with regularly and even trust. They understood it pretty well.

    I wrote a quick, "Hello World" command line program in C, emailed it to them, and guess what, they ran it. I just told them 5 minutes ago that it would probably be a virus, did they question it? No, they ran it blindly.

    It just printed the string "some one just told you not to double click on executables, if I virus or worm, you would have to restore from backup, do you even have a backup. Glad I like your mug"

    They emailed me back saying "opps". I think they better understand now, the real test is when I email them here in a couple weeks and see if they remember then.

    They aren't computer savvy, they chat with old army buddies via email and view cooking guides on the web, they are "normal users" and don't really have a concept of virii or malicious users, even when it is clearly explained to them. Sure they understand it, but do they practice it?

    I am going to wait a couple weeks then email the same program from an unknown (at least to them) hotmail or yahoo email account and see if it "stuck" with them.

    --

    "`Ford, you're turning into a penguin. Stop it.'" -THHGTTG