Slashdot Mirror


Microsoft Instant Messenger Virus Sweeps Net

Many people have reported a Warhol virus affecting users of Microsoft Instant Messenger. If you get messaged, "Go To http://www.masenko-media.net/cool.html NoW !!!", or any similar message (apparently there are several websites with the infection code), I suggest not following the link. A brief discussion follows.

Sequence: Get messaged "Go To http://www.masenko-media.net/cool.html NoW !!!" or something similar with another URL. Follow the link. That webpage contains malicious code which gets your messenger contacts and sends a similar message to your contacts. It looks like it uses a vulnerability in formmail.pl as well, although I'm not exactly sure how (I'm not an expert in ECMAScript, sorry, and I have no systems that could possibly be affected by this to test with). I'm sure some of our readers can provide more information in the comments below.

There appear to be several webpages which carried the infected code, not just masenko-media.net. Some webmasters are already taking them down.

Sophistication: moderate. Damage: only your pride.

Solution: probably the latest mega-patch for Internet Explorer will fix the Microsoft bug that allowed this.

Risks: obviously, the code could have done worse than just messaging your contacts. With Microsoft making "messaging" an integrated part of the operating system, any flaws in it can be exploited to affect millions of people instantly, so it is a high-value target. Does it have commensurate high-strength security?

12 of 400 comments

  1. Other clients? by Geeyzus · · Score: 5, Insightful

    I assume this only affects the MSN client from Microsoft... correct? Or does this also affect other clients that can use the MSN network, like Trillian? If it is just a link to some virus code on a website, it would affect Trillian (because it actually doesn't propagate through the instant messaging program)... but if it is something that gets triggered inside MSN Instant Messenger, then Trillian users are safe...

    Mark

  2. Re:The Code by einhverfr · · Score: 4, Insightful

    So this sends the links to your contacts in IM and takes your passport email address and sends it to the http://www.yong.f2s.com/mailform.pl (or something similar).

    Damage: not just your pride-- being bombarded with lots of spam? (I guess that is TBD)

    --

    LedgerSMB: Open source Accounting/ERP
  3. It's only a matter of time... by Max the Merciless · · Score: 4, Insightful

    until someone unleashes a virus that does some serious damage. If I was a "terrorist" hell bent on punishing the Western world for whatever perceived sins, I'd be learning how to make, or hiring programmers, to unleash a truly destructive virus.

    It's been said many times before, but I'll say it again, any monoculture is far more vulnerable to attack than a diverse system. Relying on one system, be it Microsoft or even Linux, is foolish.

    The destruction of the Microsoft monopoly is not just a matter of helping improve competition, it is a serious security matter. No amount of campaign donations or legal semantics should distract the government from its task of providing security.

    --
    * * Always question "the National Interest" - 9 times out of 10 it is a cover for evil
  4. This is dumber than a mail worm by J.D. Hogg · · Score: 3, Insightful
    I would be impressed to see a worm silently infect your machine and try to infect your contacts. But this one asks you to *click a url*?? Anybody who doesn't dismiss a message with a URL or an attachment from somebody they don't know, whether it's in an instant message or an email, deserves to be infected (and also should have their computers taken away from them and a flyer explaining to them why they shouldn't talk to strangers in the street given to them instead).

    But /. is right, it is a Warhol virus : all the posters who reported this non-news got their 15 minutes of fame on Slashdot.

  5. Re:Not a Messenger flaw by RWarrior(fobw) · · Score: 5, Insightful

    "Install the patch and be done with it."

    Is that why I keep getting probed with NIMDA? Because people just install the patch and are done with it?

    --
    Remove the caps and hold to a mirror.
  6. Re:Not a Messenger flaw by Tackhead · · Score: 3, Insightful
    > First off, this is not a virus. It's an Internet Explorer exploit allowing access to your Messenger contact list and other Messenger functions.

    And while we're at it, this isn't a Warhol worm either.

    I don't see the optimized scanning routine for initial propagation. I don't see a precompiled target list or any innovative ways to scan the network. And if you wanted to do maximum damage, you'd release it on a Friday night before this weekend.

    Unless the spam from the formmail.pl script contains a very clever exploit to set the stage for a second round of infection, I'm calling this one a false alarm. It's an annoyance, but not a Warhol worm by any stretch of the imagination.

  7. Re:One shoe drops by rjamestaylor · · Score: 5, Insightful
    • Don't believe me? check out the IIS curve at Netcraft [netcraft.com]. What happened after Nimda and Code Red? IIS usage INCREASED.
    IT purchasing decisions are made by people who are insulated from these problems but not from IT advertising. Ergo, this kind of problem has little to no effect on the IT market.
    --
    -- @rjamestaylor on Ello
  8. Where is Windows Update? by weave · · Score: 3, Insightful
    I went to Windows Update this morning looking to update my IE using that uber patch. Said no critical updates. I had to go to technet and download the patch from there.

    Why the hell does it take Microsoft so long to get patches onto Windows Update, which most users use to get their updates (those that look)?

    Like, when I heard about the SNMP problem yesterday, I went to rhn.redhat.com, found an update for snmp, did a select all for all my linux boxes I administer at work, scheduled them to be updated, done. I go look for an SNMP update for my Windows servers, none found.

    It's just annoying... Microsoft has billions for R&D, takes weeks to get a patch out on Windows update, yet some kid can write autorpm that does the same kinda thing for linux in his spare time...

  9. Re:Not a Messenger flaw by CaptainSuperBoy · · Score: 3, Insightful

    A default install of Windows XP has zero open ports and a firewall, too. It automatically downloads security updates, which should prevent this IE exploit from becoming widespread.

    Maybe the problems you're talking about went away in Windows? For someone who is so up to date on Linux, you should learn a little about Windows before you bash it for past problems.

  10. Re:Not a Messenger flaw by rhavyn · · Score: 4, Insightful
    You were doing good up to here:


    > Microsoft software really doesn't have significantly more problems than any other software. Microsoft is simply a large target, and so many and more people spend much more time finding those holes (often for malicious purposes, sadly).


    IE has the biggest marketshare, and Windows has the biggest desktop marketshare, but the reason that people attack Windows systems is it's easy. I wish people would stop kidding themselves with the market share excuse. MS software has serious design flaws which makes it very easy to exploit a flaw in the browser to extract data from the registry and mail that off to some email address. Under windows, that is easy, under Linux there are multiple different browsers, you don't know what email client might be available, there is no central place to grab system/user info and there is no easy way to automate the process. The same type of exploit is used over and over and over again, yet for every patch MS releases, someone finds a new way to write an exploit that uses the same basic method. How long, exactly, do you think it's going to take before Microsoft recognizes this and fixes the design flaws instead of releasing patches which amount to little more than sticking their finger in the crack in the dam?

  11. Re:The Code by inKubus · · Score: 3, Insightful

    It's funny. Most of the code for Windows looks like this. Windows is basically one big script. Everything it does, practically, is scripted. They were relying on the fact that most of the scripting is undocumented, but a simple browse to \windows\web and opening *.htt with notepad should show you how much of a problem this is. Even something as fundamental as file browsing is scripted. There will always be a way to exploit windows.

    --
    Cool! Amazing Toys.
  12. Re:Not a Messenger flaw by ConsumedByTV · · Score: 3, Insightful
    Pig headed idiot.

    A couple of things:



    As someone that's "so up to date on windows", you should learn a little about it before you start to talk about it.

    Everything has problems; Microsoft just puts the problems into the hands of people that cannot fix it, the end user.

    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M