Four Kids Confess to Goner Worm
imrdkl writes: "4 kids in Israel have confessed to writing and distributing the Goner worm, according to Fox."
Yet another annoying worm comes and goes, wasting countless IT hours, to say nothing of bandwidth. The kids face up to five years -- of course since they aren't in the U.S., they might actually be punished.
After myself being called to fix a customer's sExchange (Yes, NT, I'm young and I need the money) server that barfed its guts on the floor because of this, you can hand them over to my IT dept, we really wanted to take them out back and flog them repeatedly last week.
Objects in the blog are closer then they ap
Ok, here's the basic cycle:
script kiddie/cracker/whatever create worm
worm gets out, spreading by point and click method
IT goes on about how bad this one is
Eventually worm dies and kids are caught
Big deal made over last worm causes more copycat type worms
Cycle restarts
Ok, I mean that's pretty general, but goddamn if I'm not sick of all this. How about instead of going after the worm writers (they are not innocent but hear me out), why don't we try to at least educate the public into not opening things they don't know about. I mean what good does blackice and zonealarm do if someone opens a file and turns them off? The technology isn't the problem (except with IIS but that's a whole different beast), it's the people. Maybe someone (I know I'll be flamed as a bastard for this) should create a worm that actually fucks over the people that open it. Instead of making it so they download some roll-back registry fix, how about you just wipe out the registry? Why not make it so IE and Outlook have popup ads with every page and email they view. What if the worm steals their emails and sends them to spammers' lists automatically? I mean obviously people aren't learning, or this crap wouldn't be happening over and over again. Yeah the people are victims blah blah blah... cry me a river. I've never had a worm, and never will. I'm not claiming I'm smart or anything, but it's common sense that an email "I'm asking for your advice" with a document that ends in scr or vbs is something that joe45@aol.com probably didn't mean to send me.
can't sleep slashdot will eat me
I agree with you, but the world doesn't.
In fact, if users did turn smart, both you and me might find it a lot harder to get jobs.
You see, computer geeks get jobs because we're supposed to be the ones who think about things like this. Hell, we're perverted enough to *enjoy* doing this nitty-gritty computer stuff. Joe Q. User just wants things to work. The user doesn't want to have to deal with anything. After all, the computer isn't their job, the computer is a tool to help them with their job.
So yes, I agree that in an ideal world people wouldn't be stupid and would know not to open unexpected attachments (and always scan everything anyway, and all that stuff). But the reality of it is that will never happen, and it just takes one person screwing up to let the worm wreak some degree of havoc.
Anyone have effective tools?
Public humiliation always worked well for me!
e.g. "Can you believe that old pervert in sales really believed that the chick in client service sent only him an 'I Love You' message?"
While I wholeheartedly agree with your NRA argument, I don't think this analogy is very accurate -- you say that people who run the attachments (i.e. the victims) should be responsible; wouldn't that suggest that you want the gun shot victims to be held responsible, instead of the people who shot them?
In any case, I do believe that virus writers should be held responsible, but I don't think the solution is the so called "cyber crime" laws or anything that focuses on the means rather than the cause.
Bush Lies Watch
I don't agree entirely with what you write, since I assign the blame for things like this almost entirely to those who write the stuff in the first place. I'm sure you'll get plenty of other replies saying the same.
OTOH, you make a fair point about employee training. The small company where I work, a software development house, has had a few e-mail viruses mailed to it over the past year or two. It's interesting to note that these often get forwarded around the office, but invariably by non-technical staff. The developers and tech support guys and gals generally have the sense not to run blind attachments; the admin and management guys and gals are more trusting, and bite the bullet.
Our IT support guys have long had a record kept of exactly when everyone runs the anti-virus update they mail round every month. Recently, they've instituted a "leader board", which is mailed to everyone, showing who ran it fastest. It's an amusing little game for those of us who are sitting in front of our PCs anyway, but the really telling thing is the people who don't appear on the list at all (which is typically mailed around the afternoon after the update), i.e., those people who still haven't updated their systems several hours later. Guess who they are...
So, we have established that certain types of users are more vulnerable to this than others, and we know who they are. The next question, of course, is what to do about it. You can come up with any number of penalties, but how are you going to turn around and slap them on, say, the MD of your company (a repeated offender in our case)?
Personally, I always liked the "drill" approach. The IT guys occasionally create a Hotmail account or some such, and mail something cool-looking to a few random accounts at the company. If you run the attachment, it pops up a simple message on your screen informing you that if this had been real, you'd just have cost everyone in the company a day's work/sent abusive mail to your most profitable client/whatever. This isn't publicly embarrassing, and it makes the point. It's certainly proven very successful in a couple of cases I know of.
You could complement that with a "three strikes" sort of rule. Anyone who falls for it gets a couple more spams shortly thereafter. Anyone who falls for it repeatedly has maximum security settings imposed on their machine thereafter. It will cause them hassle if, for example, they have to send or receive a genuine executable attachment, but such is the price you pay for keeping your systems secure from your own users as well as people outside. Better that than watching offensive mail go to those top five clients...
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
How about this.
You set up a simple script that by default, turns off accepting email with attachments on it. When a person in the company NEEDS to view an attachment, the script allows one email with an attachment through to his computer after he fills out a form and submits it to the script (the form is never actually read, but hmph).
This way, anyone who needs to see an attachment does and must know about it beforehand. At the same time, it blocks attachment-outlook-stupidity viruses by disallowing them to shoot through the system on a normal basis.
Furthermore, any person IN THE COMPANY who sends an attachment to another person in the company that's rejected by the mail server because the recipient hadn't filled in the form has his or her email account locked for 24 hours to stop the virus from spreading.
Done. Finished. My thoughts.
>>BTW, I've read that in Israel white-collar crimes are punished more harshly than normal crimes. For example, if you commit copyright infringement you stand to spend more time in jail than a rapist. Can somebody confirm/deny this? (But then again, it looks like this is the way things are going in the US too with "hackers" being declared terrorists and all...).
No, no, no. After living in Israel for about a year, I can tell you that copyright infringement (especially cable/satellite/software piracy) runs rampant. I'd say around 80% of all software was pirated, and most people I knew stole either satellite or cable television. In a country that's at war, piracy isn't the current priority on the ethics hierarchy.
the byproduct of years of oppression by the white man
any person IN THE COMPANY who sends an attachment to another person in the company that's rejected by the mail server because the recipient hadn't filled in the form has his or her email account locked for 24 hours to stop the virus from spreading.
Well, I know that if I told Stan from accounting I was going to send him a file, and in his normal scatterbrain manner, completely forgot about it, and subsequently had the attachment bounced and my account locked, Stan from accounting would lose his legs. But otherwise, this plan is good, if a little draconian. Maybe just filters against certain executable file types would be a better idea.
Well, doesn't that just prove that you guys really are the computer janitors?
"Don't open executables morons", you guys snicker, "(except when you need to, which is all the time... Yes ma'am, I'll be right over there to fix your computer, lickety-split)"
There is a nice procmail filter (ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html) that renames incoming attachments and makes them non-double clickable as well as pseudo scans office documents for dangerous macros.
The extra level of 'abstraction' (the user having to rename the file to run it) has saved us from every major email-borne virus in the past two years while still allowing people to get their precious attachments if they are expecting them.
--"Karma is justice without the satisfaction"
many call me before opening strange attachments. Most will call me if they did open one they thought was odd. That's a very good thing. I had one person get goner that day. I cleaned it off by hand, and the worst part was his computer is a pos p100 running 95 and very slow.
I saw people talking about having users upgrade virus software on their own. I never considered that because it'd never happen. Since most computers are NT, I just have the login script call a batch file that stops the virus scan service, copies the upgrade files, and then starts the service again (net stop/start is your friend). It does this every time they log in. Since they're using ms products, I know that the virus signatures won't be more than 2 weeks old.
One fewer murder was committed in Florida a few years back because of the punishment if caught. I know this because I was the person who meditated on it, and decided not to go through with it.
The kids face up to five years -- of course since they aren't in the U.S., they might actually be punished.
Ok, I know I'll probably get marked as troll, but oh well.
The way I see it, these kids are kinda like Big Tobacco. They make something that's harmful, and the people that use it do so of their own free will, despite the countless warnings given out that they should not. It seems funny to me that the same people who think Big Tobacco shouldn't be punished, also think that any mischievous kids should be severely punished. Well, that is unless it's their own kid.
These virus writers are doing a public service. Serious problems with our communications infrastructure might not be fixed if it weren't for them.
Imagine what could happen if the first exploits of these security flaws came, not piecemeal from a scattering of amateurs, but rather from some adversary who could call on the services of numbers of technically proficient individuals. A hostile government say, or a terrorist movement that drew in disaffected persons in many countries. What if the vast majority of business users had no idea of how vulnerable they were until the system suffered a massive failure?
There is an enormous learning process going. People are finding out the hard way, what they would never otherwise have the time to focus on: computers can fail, for very subtle reasons, and we are more dependent on them every day.
Are you serious? Viruses/Worms today have the capability of disrupting economies all over the globe. They can cause millions to billions worth of dollars in lost productivity. Who are these crazy people who blame the users and think the authors are practically blameless? The users end up invoking the malicious program, but that's akin to a "clever" a-hole sending a well disguised letter/package bomb to someone with the return address of a friend and then blaming the recipient when they open the letter and it blows them up. Except that the person who's blown up would somehow also be sending letter bombs to every one they kept in contact with.
For everyone that thinks it's all about ignorance, here's to hoping you never get yours and end up somewhere on the globe where it's legal to sodomize random people. You're going to get it in the end.
At my company, we've implemented a mail filtering system (with procmail) that automatically mangles certain "dangerous" extensions. This way, the user can't just open the attachment directly, but instead must save it somewhere on their hard drive, rename it, and THEN run it. These extra steps usually make them give pause to the fact that MAYBE they really shouldn't be opening this attachment if they don't know who's sending them it. Also, they get to see the whole name of it when they are opening it since a lot of mail clients will cut off the extension and just show "..." at the end if the filename is too long. We've just implemented this about 3 weeks ago and although we were physically sent the Goner worm, no one actually ran it because e-mail alerts had already been issued and because of the filtering at the server level.
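Added example, not part of any comment in this thread: the attachment-name mangling described in the comment above and in the earlier comment linking the procmail filter, sketched in Python rather than as a procmail recipe. The blocklist beyond scr and vbs, the `.defanged` suffix, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the thread names only scr and vbs; the rest are common additions.
DANGEROUS = {"scr", "vbs", "exe", "pif", "bat", "com"}
SUFFIX = ".defanged"  # hypothetical marker that no desktop associates with a program


def mangle_name(filename):
    """Return a non-launchable replacement name, or None if the name is allowed.

    Only the last extension decides what runs, so photo.jpg.vbs is caught too.
    """
    # Windows ignores trailing dots and spaces, so "x.scr. " still opens as x.scr.
    name = filename.strip().rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.lower() not in DANGEROUS:
        return None
    return f"{stem}_{ext}{SUFFIX}"


def sanitize(raw):
    """Rename dangerous attachments in a raw message; return (new_bytes, renamed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    renamed = []
    for part in msg.walk():
        old = part.get_filename()
        new = mangle_name(old) if old else None
        if new is None:
            continue
        part.del_param("name")  # Content-Type name= is a second copy of the filename
        del part["Content-Disposition"]
        part.add_header("Content-Disposition", "attachment", filename=new)
        renamed.append((old, new))
    return msg.as_bytes(), renamed


def sample_message():
    """Constructed test message: one screensaver attachment, one text file."""
    msg = EmailMessage()
    msg["From"] = "joe@example.com"
    msg["Subject"] = "I'm asking for your advice"
    msg.set_content("See the attached document.")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="advice.scr")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(sanitize(sample_message())[1])
```

The attachment body is left untouched; only the name changes, so a recipient who was expecting the file can still save and rename it.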
I'm tired of people making apologies for not working as linux administrators or open source programmers. There are a goodly number of people in this world who make a living writing code for whichever system the managers deem fit, and a goodly number of administrators who administer a network full of whatever operating systems the business deems fit for survival. Why don't you wear your job with pride and be thankful that you are employed. There are others who aren't so lucky.