Pro-Linux Mail Trojan Running Around
Xeno noted a story making the rounds about a Pro Linux Virus. Well, they're calling it a vrisu, but it's a trojan. It's a flash thingee embedded in emails. It mails itself, and then renames zips and jpegs to have a Pro-Linux message. Very bad advocacy, but when I turn off Dad Mode, I gotta laugh about it.
I think it's this thing called Windows, I heard about it when playing XBill. It seems to take over your computer and spit out the word "Microsoft" all over the place. Microsoft gave a half answer to it, called FORMAT.EXE and even their own version of FDISK, but they also encourage people not to use it.
Have you read my journal today?
Thanks for the info on ESR, that has nothing to do with the subject. On robes, note that they are worn by judges, clerics and academicians. Whatever!
Only during ceremonies or official duties. I don't recall there being a history of, nor official use of, long flowing robes in computer science and/or engineering. At least, not in the last 300 years.
As for it being irrelevant -- no, it's not irrelevant. The point demonstrated is that zealots don't necessarily follow logic or clear thinking when pushing their position on other people. This includes ESR -- though he's not even in the same league of fruitloops as RSM.
What have you done with your life, Simon Cookie? Your homepage, dripping with sappy poetry and a copyright notice(!), does not show much.
Plenty, thanks. The copyright notice is because -- guess what? -- the site is copyright to me. That includes all articles posted therein, and all the material on it. If you want more details, I'm afraid you'd have to ask me privately. Let's put it this way; I've done a lot more at my tender age of 25 years than most people have done by age 40.
Simon
Coming soon - pyrogyra
I'm of 100% Irish heritage, but I don't go out in the sun all that much. More a child of the night.
--
Evan "JabberWokky" E.
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
If we could have a "Bitchslap Utility" to give such users a wake-up call after they run said attachments, that would be damn useful...
sulli
RTFJ.
I think whoever made this post is confused. This Trojan isn't pro-Linux... It's one of the more anti-Linux things any Windows user could do to other Windows users. The media will get ahold of this and portray it as "those baby Open Source people are not resorting to dirty little tricks to try to promote Linux." It looks *really* bad.
Six months? Shit, if it were any more destructive, it would set us back 9 years (1990 ring a bell?)
But you are absolutely correct -- with one exception. There are immature people in all aspects of computer technology. Hence the reason we have virii today, eh?
I think it's these idiots who grab the mike at every possible (in)convenience.
In my opinion, these virus authors are about as sorry as crackers.
INSERT INTO comment VALUE('Doh!') WHERE user='you';
your proxy blocks M$N?? Is your company taking resumes??
I love the smell of Karma in the morning
It seems that even after patch after patch of the MS Outlook system, viruses still spread like wildfire. MS should employ a virtual machine to run attachments, that way it could sandbox the application. If it does not do any damage, then it can be let loose into the real operating system. Viruses have been getting more and more complex. Connecting to newsgroups, sending email... what's to stop them from quietly sitting on your computer (not doing ANYTHING) just spreading... and then one day, some malicious hacker launches a DDOS against yahoo or something.
Having only today spat the dummy at the users here on the subject of binaries of unknown source (no harm was done as it turned out, but it's the principle of the thing), may I recommend to UK sysadmins that they draw to their users' attention section 3 of the Computer Misuse Act 1990, which makes it an offence punishable by up to five years in Her Majesty's Holiday Camp to cause a computer to do anything unauthorised that damages data with intent to damage data.
If you explain to them what types of attachment are likely to do this, and that therefore they have no excuse, the threat (rather thin, as it happens, where it's stupidity rather than malice) of prosecution should concentrate their minds rather nicely.
-- AndrewD
A Maze of Twisty Little Laws, All Different.
WRONG SOLUTION, damnit!
You should never, ever let your OS take care of files. You should *always* open a program, and let the program try to open the files. Letting the operating system guess on the file types is doomed to failure, and it's like -begging- to get infected by bad things.
The idiot that moderated you up should be shot for stupidity.
--
"Rune Kristian Viken" - http://www.nwo.no - arca
Well, they're calling it a vrisu,
I can see it now: the dreaded vrisus and jabberwockys scampering around on a green irish field, playing in the sun...
Sorry.
Trust the Computer. The Computer is your friend.
This is such a stupid argument. I don't care if /usr/bin/gcc gets deleted, I'll just reinstall it. If all of my personal work gets deleted it's much more painful. Now tell me again how permissions help me?
First, you will care if your registry or important system DLL gets deleted (since you won't be able to boot). Second, if you need to run an untrusted attachment, you would do so as nobody to contain the damage. As nobody chroot-ed to /usr/local/jail if you want to be even more careful.
In a networked environment, you will really appreciate a proper concept of permissions and untrusted users when the nitwit in the next cubicle runs a trojan and loses everything, but all of YOUR files on the same server are fine.
> Well, they're calling it a vrisu, but it's a trojan
Well, whatever it is, it certainly isn't a "vrisu". Isn't that a Hindu God for something?
Mike.
Tales from behind the Lagom Curtain
Good thing that the flash plugins for linux-netscape never seem to quite work, and so remain uninstalled.
I want to delete my account but Slashdot doesn't allow it.
Has anybody calculated the number of people kept employed due to virus outbreaks and the millions of $ generated into the economy due to the spikes on sales charts of anti-virus companies?
Viruses are bad. Very bad.
At least, that's what symantec and McAfee say. They should know, they wouldn't exist if it weren't for them.
If it weren't for hypocrisy, this industry would have collapsed a long time ago.
w/m
Why do these people write these? Why do people CONTINUALLY get infected by them?
What I really don't understand is why someone hasn't written a benign virus/trojan - same manner as the Melissa/ILOVEYOU trojan, except that when run by the clueless, it would remove any other trojan VBS scripts (or quarantine them) on the machine, ask to send copies to "friends" (upon which it would email itself to people on the address list), then remove itself from the machine.
If the "hacker" wanted to go further, he could place a little "Agree or Disagree" EULA/disclaimer at the beginning the user would have to agree to in order for the code to run. He could also insert a little "educational" note on why the virus ran, and how to protect against future attacks by less benign viruses in the future (up to and including installing Linux?). Finally, he could encrypt the "meat" of the VBS trojan, and put a little blurb in the EULA about the DMCA clauses prohibiting the alteration or creation of software to remove copyright controls on software.
Such a "hack" would be more worthy of a /. story than this dreck - which is only going to serve to harm the Linux community in general.
Worldcom - Generation Duh!
Reason is the Path to God - Anon
Perhaps in this situation though, this particular trojan was concocted by a MS advocate that is afraid of how close Linux is getting. Wants to put a bad spin on things. Dunno, just a thought.
Is this because Linux users are by nature not malicious, petty, vengeful, or stupid?
Please -- open your eyes. You're dealing with people here. In any given sample, you'll have a certain number of misguided kooks who don't have a clue. Does the fact that it was a stupid thing to do automatically mean that it wasn't a Linux user? Nope. Sorry. The OSS community has its fair share of kooks and idiots too (as evidenced when ESR turned up to that Windows Refund thing in a jedi robe... what a schmuck).
Simon
Coming soon - pyrogyra
Regardless of who originated this (which shouldn't be hard to discover, the guy's email address is in the program), the Linux community can do without this kind of publicity. I would rather have people use a non-Windows OS because they wanted something different, not because the one they use is too buggy and insecure. Although that is a good reason as well.
Thanks a lot to the asshole who started this thing
nahtanoj
While I understand your reasoning (and I also have seen another poster's reply on this topic - the gist of which is that of trust and levels of education in users), it wouldn't matter if the creator of the original was blamed (though it would suck). Why?
Because the creator of said benign virus should develop and release it in UTMOST secrecy, with NO WAY to trace it back to him (after release, he should destroy all notes and such, as well as his copy of source, to the trojan as well - maybe he should even physically destroy the hard drive as well). He should take the knowledge to his grave. With proper precautions, no one could trace it back to him.
Note that I won't be the one developing this "trojan" - though I am certain I could, given a little time. My simply posting here in this forum has tainted me from doing it (because I would be a suspect).
Worldcom - Generation Duh!
Reason is the Path to God - Anon
I get lots of attachments I didn't ask for -- mostly work-related stuff from co-workers in stupid MSOffice formats. And most copies of prolin, melissa, and their ilk will come from co-workers. It's awfully hard to teach users to tell the difference.
A large part of the problem is that it's possible to mislead windows users about the file type. The mail client needs to provide the user with accurate file type information -- i.e. how the OS will treat the file if you click on it. It should also provide a suspiciousness indication and probably require a confirmation for suspect types.
Well yes, but it's masquerading as one of the numerous Flash executables that are floating around (basically a flash player and an accompanying movie bundled into a single executable).
Are they seriously suggesting that lusers should be responsible enough not to launch .exe files they are emailed?
I can't speak for others, but I personally launch all of the executables that are mailed to me. Of course, I do it under Wine from Linux, and no, I don't have my home directory mounted as a network drive. Even if it does contain a virus, it won't do me any harm...
"The invisible and the non-existent look very much alike." -- Delos B. McKown
Oh yeah? Well when someone creates and lets loose a file descriptor-hogging trojan, you'll stop laughing.
Wait a minute, someone already did release that! It was rhnsd in RedHat 7!
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
*ahem*
Slashdot has stories submitted to it by users who have seen the story somewhere else.
If you're going to install one of these, shouldn't it actually do an installation rather than silly slogans?
Taking this a little serious are we? I'm not so certain we should take this all as serious as "we've set back the movement 9 months" or "thanks to the asshole who started this thing"? What we have here is the same collection of idiots who aid in distributing viri every time a new one appears. I'm sorry - I'm getting increasingly incredulous and indignant regarding this group. They quite frankly get what they deserve - we all know that a virus is rarely actually malicious - the worst it does is delete a few files or mung up your OS. Problems easily fixed. When was the last time you saw a virus that damaged hardware? (flashing microcode/bios'?) not very often - so a virus is little more than an inconvenience (and arguing that it costs XYZ Company $1237^10 will hold little water because I frankly don't think the profiteering of BigBusiness is a motivation the citizenry of the planet should be as concerned with as they are..).
So what we have is a problem - easily avoided - brought upon oneself by the lusers at these PeeCees. Would people be angry if I bought a new car, didn't know how to use/maintain it - drove it off the lot, straight into a wall or into another car in the intersection because "I didn't understand the rules of traffic" (or ran it out of oil)... who would be responsible for my damaged car? The manufacturer? My Mechanic? My neighbours? No. I would be responsible, I don't know how to use this device I just bought. I have to be responsible enough to myself and my neighbours that I fully understand what I am doing before I take on this responsibility.
How many cars are going to follow one another over this cliff (execute endless virus/trojan emails received on WinXX PeeCees) before the users become responsible?
Note to users: DO NOT EXECUTE UNKNOWN BINARIES!
If you don't know how to use your computer (car) don't compute (drive)! Not only are they polluting (propagating viri) but they are endangering other conscientious drivers (teeming onto the 'net via AOL without a clue, and generally degrading the content to meet their expectations).
I'm sorry - I've lost all sympathy. I'll bet I'm not alone.
All in favor of classifying any unwanted Flash movie as a trojan horse, please perform the self-indulgent marketers' salute.
Leave it to a Linux guy to make SPAM more intelligent.
You are on the way to destruction, you have no chance, make your time!
(would be funnier if the caps-filter knew what being facetious was)
It's 10 PM. Do you know if you're un-American?
Geeze, did someone mess up while rewiring the nerves to Rob's finger muscles? You'd have to be pretty stupid/disturbed/startled to spell the word "virus" as "vrisu." It's too hard for me to misspell it.
"Ancillary does not mean you get to rule the world." --U.S. Circuit Judge Harry Edwards, speaking to the FCC's lawyer
Is just one more piece of ammunition for my boss against me running Linux in our company. As it is, I have a hard time just defending using a Red Hat box for Apache.
My odds were low before, given my users' love of MS Office and Exchange mail. Now that this virus hit three of them, (via their Yahoo accounts), no chance. Lovely.
Whoever wrote this thing, thanks a lot. Nothing like cutting your nose to spite your face.
46. The Hobo smiles, his eyes glaze over, and he burps. "Beware the man who has lived longer than the Wasteland."
Very interesting...
I was thinking more in the realm that the VBS trojan would be self-contained - ie, it would be the email, and it would contain all the code to "update" the system (like that "cable modem speed fix" VBS file does to the registry). As I noted in the post, it would ask to do the update _first_, before doing anything. Furthermore, I did note that it could "quarantine" the messages/VBS scripts, so that nothing would be lost (in case some of those scripts were legitimate) - ie, it wouldn't really delete anything, just move them to an area not readily accessible by the user. Plus the bit about educating the user (maybe even recommending virus protection software, using another email reader instead of Outlook, etc).
Glad to see that someone else tried it, and at least put out a feeler to see what people's response would be...
Of course, he was looking at this as an uncontrolled admin tool, instead of what it really is - a weapon against the enemy. Since stealth is the rule of the game, the writer of such an "Antivirus" will release it anonymously, in such a way that it can't be traced back to the individual - heck, probably couldn't even be traced back to the machine it was released from.
I can see the bandwidth problems with downloading another application/EXE to do the fix, but this would just be email (though it would be a funky automated SPAM), so eventually after propagating it would slowly die out...
Worldcom - Generation Duh!
Reason is the Path to God - Anon
Every user I support that hears about this will email me the details. Just what I needed today. These cause me more grief than the actual virus.
I need a new job.
Just a dude. Stuck in IT.
I've always said that the problem with Linux is going to be its users. While most of them are mature and reasonable people, willing to work as a community towards common goals, for some reason the people who get all the attention are the petty children who do things like this. It's as if they find the loudest idiot in the crowd and give him a microphone.
To whoever did this - way to set things back a good six months.
To whoever is contemplating emulating this behavior - think again about its impact upon the community.
To the rest of you, the mature Linux user - thank you.
First off, constantly opening attachments is how networked offices are run, and considering the more famous viruses take names from your address book, it kind of defeats the "don't open from those you don't know" advice. Not to mention that viruses appear everywhere, I've gotten them on commercial software right out of the box, so don't expect virus companies to go out of business soon.
There simply is no easy solution.
And for the 100th time, virii isn't a word. viruses is.
and chroot()!
What's wrong with Bill? When he steals, he always forgets to grab the good stuff.
--
Do daemons dream of electric sleep()?
Time for a LART, methinks.
Do THWACK! not THWACK! run THWACK! any THWACK! binary THWACK! attachments THWACK!!
Next week you will see a link to my bum, with Natalie Portmap licking hot grits out of it.
Imagine a Beowulf cluster of *those*, eh??
--
Do daemons dream of electric sleep()?
From the article:
He urged users not to click on any attachment "until this dies down."
How about urging people NEVER to click on attachments, unless you've explicitly asked for them? Oh forgot - if we did that, the anti virus companies would go out of business, so we can't do that.
Sheesh.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
TROJ_CMDRTACO.A
TROJ_CMDRTACO.A, or "TacoVirus," colloquially, spreads to all *nix users via coffee. Grinds, mugs, swizzle sticks -- anything coffee related may contain the TacoVirus. And it'll also be found in -- you guessed it, tacos.
The effect of the TacoVirus is minimal but noticeable. A user's spelling will be instantly transformed from "English" to "Eglihsn," which is to say a somewhat random mix of the correct letters in an incorrect order. User will also be unable to locate items such as "dictionary," "spell-checker," or "friend" to proofread writing.
There is no known cure for TacoVirus at this time.
If it was done by someone hoping to support linux, they certainly did a terrible job. If it was done by someone hoping to give Linux a black eye, (though an extremely small one) then they did.
This will be thousands of people's first exposure to "linux" and thanks to this, they will always associate it with being a virus of some type.
________
If only we were all so fortunate, here you go
Read my plan to save the Bengals
Hmmm... Maybe it is the silent helicopters overhead or all the people running around with copies of catcher in the rye... but this could be a conspiracy.
I doubt that any "real" linux user would bother to write a virus like that. I can see some script kiddie... maybe. Or... it could be some mega company out west that has an interest in giving Linux a bad name. Infect a few machines, post it on your news site.
Why not? It is cheaper than ads that speak of how much better your (paid for) benchmarks are than Linux.
Like I said... only a theory.
-I just work here... how am I supposed to know?
If this said the same thing substituting Linux for Windows it would be marked as a troll.
No, it would be marked offtopic, since Linux doesn't plaster its name all over every application.
Now, if GNU, Gnome or KDE had been substituted for Windows then it probably would have been marked as a troll, since every program they make HAS to include their name as part of the program name (very similar to Microsoft), even to creation of strange names like GNU/Linux, Gnumeric & Konqueror (notice that most of the programmers have spelling habits similar to CmdrTaco when it comes to naming a project).
(remove tongue from cheek)
This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.