Slashdot Mirror

← Back to Stories (view on slashdot.org)

WebTV/MSNTV Virus Dials 911

Posted by timothy on from the well-it's-only-a-minor-emergency dept.

Semji Rkim writes: "Though not the first virus to direct modems at 911, ABC News is reporting a bug in WebTV (Now branded as MSNTV) units which causes the infected unit to hang-up and dial 911. The virus spreads via email and Microsoft officials are looking into how it is able to replicate and also control the modem. Affected users are advised to delete the email and call Microsoft at 1-800-469-3288."

24 of 515 comments (clear)

  1. Can't be true by CodeWheeney · · Score: 5, Funny

    This can't be true. Microsoft just spent a whole month focusing on security. There must be some mistake.

    --
    C8H10N4O2 | Developer > Code
  2. This is serious by jandrese · · Score: 5, Insightful

    Tying up 911 lines costs lives. In many jurisdictions you can be fined for prank calling 911, especially if you are a repeat offender. WebTV users would be well advised to be very careful with their email until this problem is resolved.

    --

    I read the internet for the articles.
    1. Re:This is serious by Jonny+Ringo · · Score: 5, Funny

      WebTV users would be well advised to be very careful with their email until this problem is resolved.

      I'd one up you on that, and advise WebTV users to take their WebTV out to the back yard with a baseball bat. You know like on Office space.

      Then, call the MS 1800 number and say that you found a fix.

    2. Re:This is serious by HanzoSan · · Score: 5, Informative



      Yeah Its wrong to tie up 911 but 911 is the only number which could fit into the command string for ATH0.

      Yes its ATH0, not a virus.

      ATH0 Exploit

      ATH0 info

      --
      If you use Linux, please help development of Autopac
    3. Re:This is serious by murphj · · Score: 5, Interesting
      Quoted from parent's link:
      The patent was a "submarine" patent -- that is, one that issues long after others in the industry have begun using the same technique or technology ... The patent involved the timing of the escape sequence: The characters "+++" followed by a 1-second pause. To get around the patent, some modem vendors simply eliminated the pause, so that the sequence +++AT would bring the modem back to command mode in all cases.
      It's interesting that the only reason this works is that Hayes pulled the same trick Forgent is trying with JPEG.

      --
      SONY. Because caucasians are just too damn tall.
    4. Re:This is serious by TheMidget · · Score: 4, Funny
      You know like on Office space.

      But, if there's a fire at the office, you're supposed to call 911...

  3. Hehe... by brogdon · · Score: 4, Funny

    "911, what's your emergency?" "I've got a Microsoft product in my living room!" "What?" "I've got a Microsoft product in my living room! AIIIIGH!"

    --


    This tagline is umop apisdn.
  4. Don't be fooled! by quantaman · · Score: 4, Funny

    It's not a virus!
    It's just the poor MSN infected boxes crying out for help!!

    --
    I stole this Sig
  5. Voice of Stephen Hawking.... by simetra · · Score: 4, Funny

    When 911 operator answers, the virus plays a wav file, in the voice of Stephen Hawking's voice thing:
    "Help Me. I have Web TV. Help Me"

    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
  6. ATH0 by HanzoSan · · Score: 5, Informative


    Any knowledgeable hacker knows about ATH0, it effects around 50 percent of 56k/33/28 modems.

    With this, I was able to hang up peoples connections and even make them dial phone numbers, you send the modem commands and because of a bug, the modems obey the commands.

    Its not a virus, Its something thats been going on for years, its an old trick/exploit.hack

    --
    If you use Linux, please help development of Autopac
    1. Re:ATH0 by Neon+Spiral+Injector · · Score: 4, Informative

      That's why good PPP implimentations escape the '+' character. And why smart people include "S2=255" in their init string. The S2 register defaults to 43. (The decimal value for the '+' character.) Setting it to 255 disables the the "+++" feature. Of course with out being able to go "+++" (wait) "ATH0" you need to be able to hang up the modem by manipulating the control lines (which most programs can do). Oh, I say "wait" cause good modems require a 3 second pause after the "+++" to enter command mode. I think that is how some modems go uneffected as you can't get the "+++" to be the only thing sent for 3 seconds and then continue with the commands.

      Ah the old BBS days. I remember some fool on the local board I hung out on had some crappy term program that would hang up if it saw "NO CARRIER" at the start of a line. Now why would a communication program issue an ATH0 after the carrier had been dropped?

  7. Colour me impressed by Aexia · · Score: 5, Funny

    that a virii could hack a MSN/WebTV unit *and* propagate itself to other MSN/WebTV users.

    Microsoft advises affected customers to delete the email and call 1-800-469-3288.

    Suggestion for next iteration of virus: dial this number instead.

  8. Re:Legal Consequences? by NanoGator · · Score: 5, Funny

    Well, if Microsoft presses charges, then it'll probably be 1 count for every computer they have whether it can run Windows or not.

    --
    "Derp de derp."
  9. How much longer until 1-900? by magicsquid · · Score: 5, Interesting

    How much longer will it be before unscrupulous 900 number operators enlist people to alter this virus to make it dial their numbers? Given that it takes a month to get a phone bill, the culprits can close up shop and move on long before anyone even realizes there is a probem...

    --


    "Chances of RHIC-induced Armageddon are exceedingly rare, but... you never know." - MIT Physicist Bob Jaffe
  10. Interm Solution by t0qer · · Score: 5, Insightful

    M$ sends an automated voice message out to all their subscibers. Either that or make all the access numbers just play this instead of sending any actual data.

    "Services will not be availiable today because of a virus that affects webtv users. The virus takes control of the webTV modem and causes it to dial 911. Please unplug your webtv unit from the phone line until we can fix the problem. Please call 555-1212 if you suspect your webtv has been affected"

    Clean up your mail servers. Install something to filter out the virus and any varients. Even the least tech savvy people will understand "It dials 911" and "Unplug your webtv"

    Just some advice.

    --toq

    1. Re:Interm Solution by t0qer · · Score: 4, Insightful

      I was for 7 years, the fact that lusers would never heed my warings, read the documentation, or flat out needed things repeated to them 20 times in a row made me decide to quit being the McDonalds coke and a smile "Hi How may I fix your computer today?"

      Near my 7th year, I became frustrated, started telling people how stupid I thought they were to their face (Usually after the 8th time of explaining something) And generally degraded into the self absorbed irritating prick that I am today.

      2 years later i'm still recovering. Where I used to fix my friends and families computers for free I now charge the shit outta them till they don't wanna come back. Everytime the phone rings my hair still stands up on end because i'm afraid of yet another person saying, "Hey toq just wanted to ask you a quick question!" No it's never a quick question, it's a gateway into a line of questioning not even the worse murderer would be subjected to in a police interregation.

      And you dare say was I ever a sysadmin, jeesh. I'd bet money I could w00p your arse in a contest of skills any day of the week. Trust me kid, you just haven't burned out yet, but you will. And when you do, that's where open source with the lack of stupid people and politics will be waiting.

      --toq

  11. Re:Legal Consequences? by Fjord · · Score: 4, Funny

    Just asking for a "friend", right? :)

    --
    -no broken link
  12. Re:Liability? by Peyna · · Score: 5, Funny

    You're liable for purchasing MS software, thus promoting them, and giving them money to produce said hole in their software. Your parents are liable for giving birth to you, but it wasn't their fault because the condom broke. Therefore, it is Trojan's fault, but it isn't their fault because it is Margaret Sanger's fault for promoting birth control. I can keep going if you like.

    --
    What?
  13. How... timely by 0xdeadbeef · · Score: 4, Insightful

    This, right about the time ax-Microsoftie security snake oil salesman is harping about the dangers to our infrastructure because of the Internet, and when Microsoft is promoting Palladium as the solution to its MUA scripting bugs.

    Coincidence? Probably. But geez, you can bet they will spin this to their favor. Instead of apologizing for their incompetence, they will use it as evidence of the dangerous new world we live in, and request us to please bend over for all their new security initiatives.

    Our infrastructure is under threat from hacker terrorists! The free world is at stake! Join up at your NET Guard recruiting office now!

  14. Re:Nice troll. by kwishot · · Score: 4, Insightful

    You're dumb.

    If you translate the commands into hex and send it as a ping it works:
    ping -p 2b2b2b415448300d -c 5 xxx.xxx.xxx.xxx

    By the way, 2b2b2b415448300d = +++ATH0
    The modem receives the command and doesn't even pass it up to the "higher" networking layers so it's virtually untraceable, as well.

  15. Well, it's a good thing by ZaMoose · · Score: 4, Funny

    It's great that the virus dials 911. I mean, my local Stonecutter lodgemaster told me only suckers dial 911.

    The real emergency number is 912.

    *grin*

    --
    I wish I had a kryptonite cross, because then you could keep Dracula and Superman away.
  16. My only hope... by erat · · Score: 5, Insightful

    ...is that the loser who made this all happen has a heartattack and can't get through to 911 emergency services because his/her own virus/hack/whatever is tying up the line.

    Sometimes these pranks go too far.

  17. The Big Question... by sterno · · Score: 4, Insightful

    If the person who wrote this virus has caused 911 to be tied up, and this has possibly caused somebody to die, would they be prosecutable under the new anti-hacker law that Congress put together?

    --
    This sig has been temporarily disconnected or is no longer in service
  18. And this is on a closed system by Animats · · Score: 4, Insightful
    This demonstrates the total failure of Microsoft's "authorized code" approach to security. WebTV is a completely closed system; it is designed to run only the code it comes with. Yet it has been cracked. None of the DRM-type "security" stuff Microsoft has been talking about would have prevented this.

    Since this apparently affects pre-Microsoft WebTV boxes, though, it may be in code from the original WebTV people in Palo Alto. But that was a long time ago. Microsoft owns it now, and has to take the blame.

    Is it actually running unauthorized code, or does the exploit just change what it dials?