Slashdot Mirror
New Virus Bombards Mobile Phones With Junk Calls
Wolfe writes: "We knew it was only a matter of time before something like this happened ... I can't wait until our lives and households are completly wired and some jerk sends a virus to my toaster or hacks the coffee machine." Similarly,
crovax writes: "A new virus that spams mobile phone users is out. Checkout the story here. This virus that has only been reported in Spain infects a computer then starts generating random mobile phone numbers." I'd hate to be on the Washington Beltway when this hits the D.C. area!
You don't seem to understand how viruses really run. It's not a matter of whether something can send mail or not, it's a matter of whether an incoming mail can have code in it that will cause the host to send mail without the user's permission.
Actually, the viruses afflicting Outlook can only run if the user chooses to run them. The problem is that no warning is given the user, and it's so easy to do.
Java, on the other hand, automatically denies any script, or any code downloaded from the network, the privileges to do anything remotely dangerous. If the applet or other piece of code requests permission to do so, the user is given a clear warning that it is dangerous to permit it. And practically speaking, it is actually quite a bother to even ask the user for these permissions-- Java's security model is almost too strict. In the long run, though, that's probably best.
There have already been viruses along those lines. Anyone remember the trojan horse program that silently reassigned the dialup number Windows used to be an overseas ISP? Infected people were getting *huge* phone bills.
Does anyone recall any more specific information about it?
I can't find the reference, but I'm sure I heard about a new virus which caused the modem to dial 911. Now that is evil.
I'm just waiting till one of these things is written to DDOS a specific target. If it's microsoft, maybe we'll actually see some security improvements then. If the imaginations of virus writers keeps growing we could see all kind of weird shit happening. Viruses sending spam, running a seti@home client, mailing documents to random people.
In the meantime, I'll think I'll hold off on the web enabled fridge / oven / phone etc. This winter I'll have enough real viruses to deal with.
From the Yahoo link :
In addition, the worm sends a message to a so-called short messaging service (SMS) gateway that converts text messages to voice and sends them to mobile phone users.
SMS does not convert text messages to voice. SMS only does text (and only text) messages.
(my A$0.02)
Patrick
I absolutely agree that its important to make the distinction between virus, worm, trojan, etc., it would cut down on confusion, and encourage more background understanding of computers in general.
/.'d the New England Journal of Medicine website tonight? It's up, but it's boggy as hell.
However, I think it's funny that you suggest "pathogens". In medical school, we had the same problem with distinctions that were generally important (bacteria, protozoa, viruses, worms, other parasites, etc.), but which could be cumbersome when speaking generically. 'Pathogen' wasn't always appropriate either (the same species can be a pathogen in one site, and normal flora in another).
Do you know what we call them, collectively, in the hospital? Bugs.
"Hmmm... Computer bugs?" No, that's already taken...
-------------------
All right, who's the wise guy who
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
This story is already being reported on the BBC as "a virus that infects mobile phones". Well, what's next, infected fax machines and telephone answering systems? As soon as technology is published, someone is trying to crack and abuse it. This is an old story. To paraphrase Dilbert, the designer of any hackable technology has to pit his wits against the collective urges of millions of idle young minds.
The spate of email viruses is just, IMHO, a consequence of the Microsoft monoculture. Systems tend to evolve checks and balances, and computer viruses appear to play a fairly meaningful (if destructive) role in ensuring some kind of diversity.
So, roll on the first true mobile-phone viruses. I predict that the first mobile phones to run the-OS-formerly-known-as-Windows-CE will be the easiest targets. My voice-activated GSM already makes silent phone calls whenever a car drives past, unless I lock the keyboard. Expect many very expensive unwanted calls to numbers in third-world countries.
A computer virus can do unquantifiable damage to a system. Who can you sue? The long-distance calls made by a mobile-phone virus will be much easier to quantify. When the first major mobile phone virus wave hits, expect class-action lawsuits by the thousands of phone users affected. Ralph Nader, where are you?
My blog
I regularly use VBScript in my Word documents, but rarely for much more than automated paragraph formatting. But I agree that some of the stuff you can do with VBScript these days is *scary*.
It's a pity Microsoft didn't put more consideration into security issues when they expanded from Wordbasic to full VBScript - now they have the situation where they have to keep releasing patch after patch to try and plug each new security leak.
Imagine what computer intrusion will be like when those peripherals that "play" smells gain wide market acceptance. Every 15 year-old script kiddie's mouth will water at the chance to make some unwary user's machine smell like a portajohn--using BackOrifice, of course!
YOU'D hate to on the beltway?! I LIVE IN DC, how do you think I feel!!!
-- From my Best Friend (Written to me over ICQ): "i was gonna go to a party...but i had to reinstall windows"
...to clue politicians in.
I don't believe any politician is particularly affected by email spam: they typically have front-end staff that filter the mail.
I don't expect they have the same setup for their personal cellphone.
The *ONLY* way that the laws about spam will change is when spam starts hurting politicians. The anti-spam SIGs are just not glamourous enough to garner attention from the politicos.
Anti-spam SIGs that protest baby seal clubbing, maybe they'd get the attention...
--
--
Don't like it? Respond with words, not karma.
The Telefonica virus uses an http based message gateway. These are extremly common in europe, and most of them have "spam checking", e.g. will not send two identical messages within a given time. Search google for "free sms" to find these (usually ad-financed) services. Some of the more sophisticated gateways want username and password. The telefonica virus generates random (spanish) mobile phone numbers. (Here in Europe, Cellphones have distinct area codes. In Germany, e.g. 16x and 17x are used or reserved for cellphones) Walter
Absinthe makes the heart grow fonder
Not true
You can SMS someone without using an email gateway - you just need a modem and a dialup that lets you sens SMS.
There are packages available for this already.
Also, companies like SMS-WAP.com let you send a message to a large number of randomly generated numbers.
-Ciaran
When you can have a script that actually sends you some usefull stuff on your cellphone ? Check out the script in my sig...
Anyway, this was bound to happen, with all the SMS gateways springing up everywhere. Does anybody know of global SMS gateway sites besides Quios ? I was trying yesterday night to get my slashsms.pl script to work with it, but they use a very clever method to spoof the location of their cgi for every session, and I didn't have the time to work around it.
superblog.org: all your favourite blogs on o
Well...
That sucks. I get money ( not much) when I somebody calls me on my mobile so very telemarketer is can happily call as long as they don't require me to listen.
Now sms i quite another thing that would be really
annoying. Not that I've had afriend that DoS my phone. Not... Not really. Well you can still call with and any incoming sms just gets delayed so it's still usable but clearly annoying.
Anyhow receving SMS doesn't cost any money either.
Get another mobile phone company.
But since I'm Sweden I don't know how it is in the states. However I've heard some wild stuff. Like this... Well...
It's called new wave but it's just the same.
Transit time in California is bad because you have to go far.
Transit time in DC is bad because the traffic FSCKING SUCKS!!!
Would you shut up already?
It was a month or so ago, when I received this SMS message on my mobile:
TELSTRA, OPTUS AND VODAFONE NOW SUPPORT INTER-NETWORK SMS MESSAGES. FORWARD THIS MESSAGE TO 15 PEOPLE AND YOU WILL GET $20 CREDIT ON YOUR NEXT BILL.
I didn't know whether to laugh or cry.
- Chuq
Holy bejeesus this sucks. I'm so tired of reading stupid haiku, and it _still_ gets moderated up. It was funny the first couple of times, then it was kinda boring, but now it's just plain annoying. Making up some ranom haiku is not funny any more.
Gfunk
Send lawyers, guns, and money!
i wouldn't want to be on the beltway to begin with.
(that's why i'm moving from 50 minutes away to 15 minutes away from my job in Reston. no I-495 for me, thank you.)
------------------
"We can categorically state that we have not released man-eating badgers into the area." - Major Mike Shearer, UK
Eh, not bad really :) The real tough part is having to wear a suit, ugh, that's really not me... and the code base here is pretty nasty. All in all it's going okay, settling in...
Java, on the other hand, automatically denies any script, or any code downloaded from the network, the privileges to do anything remotely dangerous. If the applet or other piece of code requests permission to do so, the user is given a clear warning that it is dangerous to permit it...
This is a problem waiting to happen. So users click on their friend's email attachment. The user is prompted
The end-user, knowing that they want to launch it, think this is silly, and just click "Permit"
Then the user is asked from some obscure signer for permission to access the file system, to access other programs, etcetera. A large enough number of users will think this a nuicense, and just click "Permit" until their attachment runs.
There has to be a better way. If perhaps we could pre-approve all local signing authorities, and refuse everybody's ability to "Permit"... but then one user who knows a little bit too much could spread a virus/trojan/worm through a cooporation like wildfire.
Maybe we should just give up, go back to the CLI and hand all our users manuals. It keeps the stupid people away.
Well, I don't normally bother responding to flamebait, but on this occasion...
I'm not totally dumb. In addition the corporate firewall I also run AtGuard (now part of Norton IIRC) which keeps an eye on any active content from the Web, and should also trap anything unauthorised that tries to send information back out. Also I don't run Internet Explorer, so the worst idiocies of ActiveX are not an issue for me.
On top of that we also have a clued in administrator (I am not an administrator, I just look after my desktop box) who keeps our virus checker up to date and does threat monitoring on the servers. ILOVEYOU didn't get in here.
Finally, I spent about six months trying to run with separate user and admin IDs, and believe me it just wasn't worth the hassle. There are so many little jobs, from defragging the hard drive to updating the IP configuration, that have to be done by an administrator. Its just too much trouble.
Sure, it would be better practice to keep separate IDs. But this brings me back to my original point: the fact that I can't do "su" or equivalent means that NT is less secure than it might be because human beings (I am one you know) have better things to do with their time than save all their work, log out, log in, wait for Outlook to fire up, wait for Netscape to fire up, do whatever is needed, repeat.
So, mister clueless pratt, what are you going to do now?
Paul.
You are lost in a twisty maze of little standards, all different.
The next phase is a worm that posts flamebait to Slashdot from your account.
(Wouldn't be so hard. The difficult part is finding the URLs for actual stories.)
__
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Hm, this now makes sense. This morning, my toaster burned "I Love You" into the back sides of my slices of toast. I pushed them back down to see if I could even out the crispiness, but then my phone rang, my blender started to spin, my faucets turned on, my fan went to high, and my dishwasher started ejecting my pots and pans. I tried to close the dishwasher door (to protect myself from the pans), but then my fridge spontaneously defrosted, the lights started flicking on and off, my car alarm went off, my radios and TV turned on and started switching channels, and my vacuum cleaner went wild, moving erratically across the floor. Finally I managed to grab a baseball bat and knock the X10 master out of its socket, and everything stopped.
--
"I find your lack of faith disturbing." -- Darth Vader
"You know what's crazy? Majority rules. *THAT'S* crazy."
Bad Mojo
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
Moderators, when you see the above comment, moderate it to +5, Hot Grits and Natalie Portman (Naked and Petrified)! The man deserves it!
Thank you.
"My name is Linus Trovalds and I pronounce "Linux" as "Linux."
yahoo:"They also said the attack is relatively benign, as it does not destroy computer files..."
microsoft:"The virus has a nasty payload, as well -- it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult."
what gives?
No, messages can't just magically appear on your phone but they can appear quite easily. You could easily create a virus that spams cell phones, for instance:
AT&T uses "555-555-1234@mobile.att.net" where 555-555-1234 is the cell phone number and mobile.att.net is the email-2-mobile gateway. Most cell phones use their own exchange apart from the land line community phone exchanges. So, you store a few email-2-mobile gateway servers, store a few exchanges for each gateway and just spin through all viable numbers. Quite easy. This is sort of what the afforementioned virus does, just much simpler.
I would think there would be a simple way to get around this too, maybe some cell phone companies allready do this. Since the cell phone service providers are the ones that provide the cell-2-mobile gateway why not set up an access list for each cell phone. Usually, you don't use your cell phone as a main mail reader and composer, usually you get messsages from a certain group of people. If a person trying to email your phone isn't on the access list, the gateway could simply email them a response telling them so and to send the message again or approve it for it to trully go through.
I just hope that someone doesn't come up with a way to *voice* spam cell phones...
Geoff
When I had a pager I had 150 msg's included and then some sort of fee for every message above that. I don't have messaging on my cell phone because it's an extra $3 a month and people might as well call me. I haven't looked into the short messaging on the cell phone since it's a bit more extra than I want to pay considering they make me pay for all sorts of functionality that I don't ever use (call forwarding...)
How do they know that they're sending the short message to a pager and not a cell phone? in the USA the numbers are all the same with no distinguishing characteristics. I'm not sure if the $3 is for unlimited or for a certain # of messages or what it's for, I'll have to look it up.
What is it with VBScript and viruses lately? I wish I could say that I'm reluctant to jump on the anti-MS badwagon, but I'm not. It just seems like all of the recent computer "Pathogens" have been targeted at Micro$oft products.
Clear impoication: MS VBScript implements poor or no security. It's nice that there's a scripting language, but more time should have been spent ensuring that its use would not be a threat to users.
-- Carl
I hate to make a trite post, but with a little perl scripting and everybody's friend Mr. Wakeup, one could do an awful lot of damaging mischief with this sort of thing.
--
"New Virus Bombards Mobile Phones With Junk Calls"
No, it bombards their cell phones with SMS (short for Short Message Service) messages, not phone calls. I wish slashdot article posters would pay more attention to what they are typing and read more carefully.
Geoff
somebody else to finish this discussion and keep Zopilote informed.
Alright, now that you understand the philisophical angle of the virus, you are prepared for random-walk theory. This may be some heavy reading.
Random walk theory is based on the idea that any two people can be connected by going through six people, in a sort of link. You and Linus Torvalds are connected by:
1. You flame JonKatz in one of his articles.
2. JonKatz knows CmdrTaco.
3. CmdrTaco knows Linus Torvalds.
Now, random walk theory is the combination of the six item connection theory and randomness theory. Random walk theory states that given N items, it will take a randomly walking pointer 6N-5 or less jumps to get to all of them, given that all are linked to everything else. This implies that given a million node internet, it will take apprx six million emails to deliver a virus to every node. The thing is, when you run this through a GCC optimized sorting routine, it drops to a maximum of a million, or one jump per node. This implies that the massively interconnected structure of the internet is the perfect medium for a virus to be transmitted.
Now, perculation theory. Perculation theory relates to the chance of a certain event developing in a chemical reaction, given all of the factors present. The current perculation constant (experimental derivative from the perculation theory) is approximitely 99.919%. The inverse perculation constant is 0.081%, and it has been estimated that the trailing third digit of the percent is due to gravitational and quantum fluxes in the area at the time. That leaves the inverse perculation constant at 0.08%. Now, random walk theory tells us that the internet is the perfect medium for a virus, and given the large number of malicious programmers connected via the internet, the perculation constant seems to apply. Except that it also applies to the anti-virus companies, who have the same environment for preventing it. In total, when you work out the ratios, you have an inverse perculation constant of sucessful virus developers. Now, given the hypothetical million node internet, approximitely 8000 sucessful viruses come into existance at a constant rate. Now, the chances of one of these sucessful viruses surviving the same unit of time is calculated by continuing a constant derivation of the inverse perculation constant. That would be 1,000,000 * (.0008^days). Random walk theory says that if the virus reproduces at the maximum sustainable rate for the internet capacity (one request per infected server per hour, equalling, in the hypothetical 1,000,000 server environment approximitely n^2 while n^2 is smaller than 1,000,000 requests), meaning that the maximum capacity for a virus is, for the first day:
1st Day: 8000 survive, 8000*(1) infected = 8000
2nd Day: 49 survive, 49*(4) infected = 196
3rd Day: 30 survives, 30*(9) infected = 270
4th Day: 58 survives, 58*16 infected = 928
5th Day: 689 survives, 689*25 infected = 17,223
6th Day: 237,324 survives, 237,324*36 infected = 1,000,000 (maxed out)
As you can see, it only takes six days for a virus to take over the internet if it isn't properly contained. Java container classes may help, but if even an inverse perculation constant of the requests get through, as they will any security model on a sucessful platform like this, your security is worthless. It's only a matter of time before something breaks through, through incompetent users or faulty implementation.
IIRC, VBScript wasn't only intended for paragraph formatting.
Yes, but the person I was responding to said:
I regularly use VBScript in my Word documents, but rarely for much more than automated paragraph formatting. [emphasis mine]
Hence, my curiosity about what kind of paragraph formatting one could possibly be doing that requires a Turing complete language.
Actually, I believe this is another trojan horse :-)
As for the name, you might as well get over it. We're stuck with "virus" until jounalists start doing actual research (sometime after hell freezes over).
Free music from Jack Merlot.
This will be interesting as most cell phone pricing packages charge you for an email message received on your phone whether you want it or not. What will happen when they let through 300 messages from a worm cruising around and you get a $150 phone bill.
Spam from these sorts of viruses is irritating when you're on a flat rate internet connection, it's gonna be a serious issue when you pay per message.
Hotnutz.com - Funny
I hope the people involved in developing the "wired home" and associated technologies take note of this.
;)
I can imagine it. The Saturday Night Fever Virus. It triggers at about 11:00pm on a Saturday. All your lights start flashing on and off, your stereo starts playing a BeeGees track and your toaster burns some toast (for that authentic nightclub-smoke atmosphere).
Or even better... the ILoveYou@Home virus. Your bed starts vibrating, the lights dim, the stereo starts playing some romantic music, then it rings your neighbor and starts the same thing at their house!
"How much truth can advertising buy?" - iNsuRge - AK47
"How much truth can advertising buy?" - iNsuRge - AK47
But there is a place in the outlook mailbox to store phone numbers. I can't wait until someone figures this out.
Hint: If you live in US, CA or JM and have numerous contacts in JP, OZ or NZ you could go broke in no time. Forcing the modem to dial silent and call the numbers found in order then repeat the process with a pause between calls. Handing over the port when another app wants it would help too.
Basically this is the beginning of a Virus that could have a direct and expensive impact on a large number of people. I.e. Anyone with vulnerable software and wetware ( wetware == human or brain depending on context ) who has a modem on the machine could wind up many $$$ in debt.
This is not fare by any means and I hope it dosn't actualy happen. However that hope may be in vain just like the one about nobody figuring out how to make ILOVEYOU self modifying.
--= Isn't it surprising how badly I spell ?
THIS PAGE lets you send SMS messages to anyone you care to.
One wonders if they're harvesting spam-able phone numbers...
(hit Google and type "send sms message cell phone" and you'll get another few sites that let you do the same thing)
--
--
Don't like it? Respond with words, not karma.
Ask yourself this question: what exactly is 'scripting' ?? Scripting is the screen door in the back yard of your beloved computer. It's the 'nice' feature that does 'fun' things for you and your family. It's a way to execute instructions on your host without the rigors of software installation:
./configure
... this never happens with scripting. A couple of UI atoms, a click, a CR, and BAM! Something foreign is running on your computer. Maybe it's your own, maybe it belongs to your employer, maybe it's a gov't owned CRAY.. it doesn't matter, it's running.
less README
less INSTALL
(possibly) examine source code, Makefile, etc
make
make install
execute
I know, Perl is wonderful (VB much less so), the shell script venerable, and I use these tools all the time, but if you think about it, allowing this kind of execution in an untrusted environment is just inviting disaster.. eventually.
It will happen, mark my words, it will happen, even to the elite. A destructive trojan is only as far away as freshmeat and your root prompt. How many of us can say it will never happen to us? Do you trust FM implicitly? Do you read every line of script source before you execute it? If you do, then you are far better than I.
When the Windows world is tossed about like a reed by these virii, I do not laugh, I worry. It's only a matter of time before I take one for the team myself, and I know that.
--
Dave
As far as I know, most cellphone companies have mail gateways to phone's messaging. I was always wondering, how many time would it take for spammers to discover this thing. You can spam *every* mobile phone in existance, just taking random numbers and using it as a key for the gateway. I was just wondering why they don't do it yet, really?
So, here goes the first one.
-- Si hoc legere scis nimium eruditionis habes.
I regularly use VBScript in my Word documents, but rarely for much more than automated paragraph formatting.
Out of curiosity, why do you need a Turing complete programming language to do paragraph formatting? I just can't imagine what you can pratically do with VBScript wrt paragraph formatting that you can't do as easily, or even easier, without VBScript.
The Lycos article says.. "Security experts said the virus is the first to hit mobile phones, although they emphasized that the worm is propagated by computer and not via the telephone system. They also said the attack is relatively benign, as it does not destroy computer files but merely delivers a message disparaging the Spanish telephone company Telefonica. " But the MSNBC article says.. "The virus has a nasty payload, as well -- it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult. " Who's right? Al.
MSNBC writes "a virus that infects mobile phones" - well, just plain wrong: No mobile phone can execute VBscripts. The virus infects ordinary PCs the same way the "I love you" virus did it, but just besides the ordinary stuff, it might also try to send a few SMS... But the phone doesn't get infected...
I hope Slashdot wont't publish such plain wrong stuff again! Just because it's written on msnbc doesn't mean it's true, mind you!
IIRC, VBScript wasn't only intended for paragraph formatting. It should be *the* scripting language for Windows (like REXX is for OS/2 or Perl for Unices). It was designed that you could do every administrative task you might want to in VBScript. Of course with the inherently insecure Windows environment, it can also do everything a worm/virus programmer might want to do on your machine...
Cthulhu fhtagn!
"merely delivers a message disparaging the Spanish telephone company Telefonica" "The message is in Spanish, and the message is directed at a Spanish operator." "We believe the worm originated in Spain" Wow, that's such an amazing comment, who would have thought with _all_ that evidence that they'd managed to figure out it came from Spain! :) Yet another pointless report about some idiot that felt compelled to write a windoze exploit. Not that I mind personally - the more windoze viruses there are, the more people will get pissed off with Windoze in general... -- Jon. "You didn't look inside my anus; you didn't look everywhere"
http://www.jonmasters.org/
Cthulhu fhtagn!
I have an alphanumeric pager that I keep for monitoring our servers and it is usually spammed about once a week. Don't ask me how they ever got ahold of my phonenumber/email address for this pager. I suspect that paging service provider is selling these numbers off for profit, but I could be wrong. However, it is rather annoying when my pager goes off and I just about have a heartattack thinking one our servers is down only to find out that it is nothing more than another advertisement . Not to mention that every page I get counts toward my monthly quotas and soon I will be charged to receive "spam".
Nathaniel P. Wilkerson
NPS Internet Solutions, LLC
www.npsis.com
Nathaniel P. Wilkerson
www.haidacarver.com
How long does this haev to go on before M$ can get sued for defective products. Can you image having a defibrulator running on CE that gets spammed by a virus? Outlook is the Tobacco of computing.
If the power grubbing politicians get sufficiently pissed off by having their cell phones jammed with spam, maybe we can get laws passed to smash the spammers.
Nah!, the spammers will just keep up the "campaign contributions" and we will be screwed again.
rm -rf microsoft*
Words are words, and their meanings are defined democratically. What the lowest common denominator wants everybody gets, and if you fight it, you'll just get marganalised as an elitest snob. Sad, but apparently true. :(
Thad
Thad
You can ;), but it seems that it references Cmos.com when updating the registry.
IDKVB (I Don't Know Visual Basic
And it definitely writes a binary file at the end of a sub called CopiarCmosAfichero (CopyCmosTofile).
http://barrapunto.com/ - News for nerds, en español
You can <A href="http://barrapunto.com/comments.pl?sid=100/0
<P>
IDKVB (I Don't Know Visual Basic
<P>
And it definitely writes a binary file at the end of a sub called CopiarCmosAfichero (CopyCmosTofile). To me it seems it is creating Cmos.com so it can write the Cmos to a file, and thus doing what it states, but I would like confirmation on what it is doing.<P>
Javier 'Candyman' Candeira
http://barrapunto.com/ - News for nerds, en español
Some time ago, when a friend of mine had a cell phone and I didn't, I'd send him text messages via a web page helpfully provided by Fido (the company selling us the service).
This was very useful, but is trivially easy to spam via scripts. My friend even wrote such a script, to forward email from his account to his phone (before purchasing phone email service).
It would only take one or two knowledgeable people saying "hey, that's neat!" to do that here in Toronto, and I'm sure Fido isn't the only company set up this way.
Why don't these phones have the capability for the owner to specify an address book of people he/she is willing to receive messages from?
Switch the . and the @ to email me.
That said, I will officially laugh my ass off if these phones are running Windows CE...
Dammit, my mom is not a Karma whore!
good to hear. Though the suit thing would drive me nuts after about three days. Dressing nice is fun, but when you HAVE to wear anything it becomes a uniform, and I'm far too subversive for that ;-) Hope it goes well for you though!
Bad things often happen to good people,
It is up to them to see that they remain good.
Everything that's new (and mobile, digital phones are certainly still new) goes through a period where its limits are tested by those inclined to do so. I can't imagine any exceptions to this.
While some of these 'tests' are valuable (look at DeCSS), others are irritating.
I can certainly tolerate a little irritation in exchange for cool, new gear. Pass the Neosporin.
-- build a man a fire and he'll be warm all day. set a man on fire and he'll be warm for the rest of his life.
I suspect that there may be some countries where my current degree of smugness would be illegal :-).
At the moment it targets one specific email-2-mobile gateway. Many gateways have opt-in stuff and passwords so that human spammers can't abuse the system. This virus is simply exploting an open gateway, like that nntp gateway demon used to run.
Melissa and the love bug got faxed to people through email-2-fax gatways (we one run at work, so I know what they're like). I have a few e-mail addresses for my mobile. This latest thing is an inevitable variation on an old theme. Nothing to see here, move along now.
(That said, if I'd received "I LOVE YOU" on my mobile I would have thought it funny enough to take a photo and post it somewhere on the web ;)
'Pathogen' wasn't always appropriate either (the same species can be a pathogen in one site, and normal flora in another).
I don't see this being such an issue with computer pathogens, as most code is either inherently malicious/harmful, in which case it's pathogenic, or it's benign, albeit perhaps with bugs. Most people already distinguish between the two, since most people still refuse to consider MSWindows a trojan horse.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
being poor is good, no junk calls
Rock 'n Roll, Not Pop 'n Soul
Rock 'n Roll, Not Pop 'n Soul
carldrawings.dk3.com
The first is a free service that just broadcasts the subject line. I can decide if I will allow it, disallow it or require a password in the subject line. I currently have it open and I forward a copy of all my email to it after hours.
The second charges me for messages, but will send the first 100 or so characters, subject and message body. It has a range of filters including a maximum number of messages per 24hours and a block/accept list. I can block specific address or only allow certain addresses. I have this one setup to allow all, but only 10 a day. It's currently not being used.
If it's important to you, you can filter out most of the crap, but I prefer to just turn the phone off when I'm asleep (or at the movies). I use pure SMS, so it's not like I'm going to catch a virus on my 8810. ("Smarter" phones may have exploitable holes, I don't know.)
IDKVB (I Don't Know Visual Basic ;), but it seems that it references Cmos.com when updating the registry.
And it definitely writes a binary file at the end of a sub called CopiarCmosAfichero (CopyCmosTofile). To me it seems it is creating Cmos.com so it can write the Cmos to a file, and thus doing what it states, but I would like confirmation on what it is doing.
Corrected from parent
--- Linux... a college project gone horribly right
Behold: another reason Java should be used on these kinds of devices. Its built-in security model has yet to be breached in any significant way by a virus.
This is embarrasing, I managed to foul up my post -- twice.
/me shoots himself on the foot. Twice.
http://barrapunto.com/ - News for nerds, en español
Those sprint PCS bastards shut down the only DC based GSM network.. so much for competition.. Anyhow, about %75 + the US is going away from GSM so I don't think there's much to worry about.. laterz..
Posted by serpens:
The articles say different things. It looks like another journalist wasn't listening to what was being said.
The Yahoo article:
They also said the attack is relatively benign, as it does not destroy computer files but merely delivers a message disparaging the Spanish telephone company Telefonica.
The MSNBC story:
The virus has a nasty payload, as well - it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult.
Do journalists get anything right anymore???
serpens`
The idea of "everything being connected" has been around for some time. Quick things that come to mind are Sun's JINI (or Java for that matter), Microsoft's "Home", and the X.25 protocol.
/. keeps ranting about the evils of VBS, the same thing could be done in Perl, or any other unix scripting lang. One user has already talked about Fido in Toronto and it's web message interface, Clearnet has the same thing. How long before some script kidde hacks a shell account and starts bombing cell phone from there?
To quote from the article linked to:
The virus has a nasty payload, as well - it attempts to delete all files on the victim's hard drive and performs several other operations that makes restoration difficult.
So once again we have another VBS virus. But everyone on
Back to the "networked home". Heres where people start to go overboard. I don't want my toaster on the internet, but I *might* want it on my lan. Simple firewalls can stop someone from toasting bread all day long in your house while you are at work...
It's really sad to see that someone chose a virus to send their political message (the article has a copy of it if you want to read it). I'm all for political activism, but trashing someones HD will not get your point accross...
To fix this problem, the SMS protocal needs to have some sort of accountabilty factored into it. Right now, you can send a message to anyone from almost anywhere. If a block sender/approved senders list was added to the spec, users could chose the level of security they want (Do you want to allow all, and only block some, or so you want to block all, and only allow some?)
It will be awhile before we see the end of the VBS nightmare, but Linux users better watch out, it's been TOO LONG since someone released a virus that attacked some (yet) unknowen weakness in Linux/BSD.
That's just my $0.02 According to antivirus researchers Kaspersky Labs, the virus works only on Windows 98 or Windows 2000 computers on which the Windows Scripting Host (WSH) is installed.
Driven by 100% sarcasm - fueled by the need to be heard.
BLOW IT OUT YOUR ASS!!!!!!!!!!!!!!!!
Good Idea. It might be safer than talking into the phone. I could try farting in morse code. However, perhaps with some practice I might be able to do 110 baud
134340: I am not a number. I am a free planet!
The first thing to do is to never advertise your pager's email address. This gets around half of the problem. Getting around the half that they're easy to figure out is the phone companies problem to solve.
The other thing to do is create an alias for it in your local domain if you do have to give it. Then, when your pageme@mydomain.com address suddenly becomes a target, you can change your mail aliases file and not have to change your phone number.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
This reminds me alot of a nasty little prank.
Get the home phone number of someone you hate.
Find a bank of pager numbers.
Send random pages to various people at odd hours of the night with victim's phone number as the reply. (Some pager systems allow e-mail pages. This allows for AT or Cron jobs.)
Repeat as needed.
"Trademarks are the heraldry of the new feudalism."
before u know, the next thing they will do is to kill the phone... then time to buy new phones , here come "thin client" phone !
The title of the article is wrong. This virus just sends SMS messages, it doesn't call anywhere. (For US readers: in GSM you have something like a pager every mobile, it's called Short Message Service.)
It's very easy to spam mobiles, using GSM operators' e-mail or WWW gateways, especially when the e-mails/WWW requests come from different computers of the virus victims and the mobile e-mail addresses are easy to guess, like 123456@sms.yourgsmoperator.com..
The virus type, known as a worm, targets phones
This is just plain wrong; viruses are viruses and worms are worms and never the twain shall meet. What we need to do is start using a general word like "pathogens" to describe all communicable software nasties. If people then want to get specific and say what sort of pathogen it is, then that's fine, but to treat "viruses" as a category encompassing worms and trojan horses and the sort is absurd.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
After reading numerous posts, I think I know what we really need to get rid of the phone spam... Procmail. (well, something similar to that, anyways) SMS message comes in that has something from the wrong folks... > /dev/null.
Hmm.. if it were going through enough hurdle and such, it might even work for getting rid of other stuff...
Okay, minds working a little bit better now... (love that coffee)
Anyways, how about this thought:
SMS messages with some sort of accountability(as suggested by someone else) --however, allow annonymous ones as well(therefore keeping some level of backwards compatibility.) Then, if you don't want to recieve annonymous ones, dump them to an e-mail account automatically. Same thing with Spam and such... Hmm.. anyways, just a few thoughts:)
If I was that drunk, I would have remembered it -- H. Simpson
Personally, I really, really miss the AC ranting about the inability of white boys to play funky music.
Heck, all you really need to do is start posting messages to Usenet with a random @mobile.att.net (or similar) address each time and other people will spam the phones for you...
My vote is still a toss-up between Jon Katz and Signal 11 ;)
Stories like these always make me wonder if because we can be this connected, does it mean we should be this connected? Oh, how I long for the days of the tin-can telephone when I was a kid...
IDENTIFICATION DIVISION.
GOBACK.
-pf
Make affiliate bucks
(US - MASS)
Ok, I might be talking out my rear here, but I think that this is how it works... A co-worker of mine tried to explain this one to me once.
Any of you Ham-heads/radio-junkies please correct me here.
Thanks to the FCC, Junk Cell phone calls are illegal.
Have you ever noticed that you don't get telemarketers calling your cell phone? That's because it is illegal to make unsoliceted calls to a cell phone (some FCC regulation). It has to do with the same laws preventing pirating known radio station frequencies.
As stated there wrong numbers made to a cell phone are also illegal. (So yes, you can take legal action against the idiot who accidentally calls your cell at 3 AM looking for a ride from the bar... not that its right.)
One of the guys I work with chucked his regular phone completely just for this reason.
For calls like this, the owner of the phone is completely not responsible. If you wanted to, call up the phone company and *itch to get your $0.10 back - but for most people thats just not worth the effort and we suck up the cost.
I'd imagine that if you start recieving spam-mails targeting your phone and charging you that this would be a similar sort of case. Its still operating on an FCC liscenced signal, and illegal use is illegal use.
Ultimately there is a fine which the originator must pay..
just something to think about.
You say you want a revolution?
At least the phone calls do not claim to come from ibm.net. That would be the ultimate unethical behavior: forged spam virus!
This is scary. We could all be wiped out by a disease spread by a dirty telephone. I'm going to hire a telephone sanitizer right away.
134340: I am not a number. I am a free planet!
didn't HNN just do a story on this potential problem. I think they actually ran that story today. I wonder if this is just a coincidence. As I recall, they were reporting the potential for a problem, but not an actual virus in the wild. Hmmmm....
Jaeger
http://334.se2600.org
http://jump.to/jaeger