Slashdot Mirror


Feds Working to Stop Worms

mbenzi writes "This article from GovExec describes how the feds worked to prevent a worm that could have been orders of magnitude worse than Code Red. Short on details, but an interesting timeline."

23 of 248 comments

  1. Pointless by govtcheez · · Score: 2, Insightful

    Sure, maybe they'll be able to stop one version of this, but more'll just pop up in its place; it's similar to the **AA trying to kill P2P - there's enough ingenuity in people that want to do wrong that they'll never be shut down completely.

    1. Re:Pointless by jorleif · · Score: 3, Insightful

      Pointless? How is hunting worms pointless? Just because new ones will appear doesn't mean we shouldn't clean machines that still have Code Red or Nimda and try to correct security-related bugs before some new worm exploits them.

      Your comparison to **AA is somehow off since **AA is more about a few big organisations wanting to control everybody while worms are something everybody except for a few individuals want to get rid of.

  2. AUGHH! buzzword compliant! by Maeryk · · Score: 4, Insightful

    "some of the most brilliant hackers in the world"?

    Since when are Skript Kiddeez brilliant hackers?

    This article is stupefyingly filled with crap... the whole alliterative narrative to make a "worm" into something more than a program is scary. "Clones" rather than "copies", "larva" rather than "small", "zombies", "slither", "poisonous venom".

    Ye ghods.. is this a tech article, or color text for a M:TG card?

    maeryk

    --
    Feminine Protection? What is that? A chartreuse flame thrower?

    1. Re:AUGHH! buzzword compliant! by First_In_Hell · · Score: 2, Insightful

      I get it, people who do not know jack shite about anything computer related like to feel smart by using/reading buzz words.

  3. A teensy bit over-dramatic. by kahei · · Score: 3, Insightful

    the most seasoned and cunning code crackers, worm gurus and cyber soldiers from government and industry

    Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.


    I had all sorts of witty comments to make on this, but I just deleted them because it's all too pathetic.

    I guess the point is to impress on people that cyberspace, too, is just like a big ol' Hollywood movie with good ol' Uncle Sam well in control. Or something.

    --
    Whence? Hence. Whither? Thither.

  4. Your tax dollars at work by Anonymous Coward · · Score: 1, Insightful

    to deal with the security problems that Microsnot will not. Ya gotta love it. Maybe they could send the bill to Bill and get a piece of his billions instead of taking so much of my family's resources and trying to fix everything on the planet. And now this too.

  5. This is Microsoft's Job by jblaze · · Score: 5, Insightful

    Why are we paying to have the government fix Microsoft's bugs?

  6. "Mmmmm Propaganda Articles" - H. Simpson by Dolemite_the_Wiz · · Score: 5, Insightful

    Is it me or does this article read like the cross between a propaganda article, a typical narrative from a Batman TV episode ("Will our heroes be able to complete the task? Stay Tuned Bat-Fans!!!"), and a recruitment ad for the FBI, CIA, or any of the Armed Forces?

    Dolemite

    --
    Save the World! Use a Quote!

  7. The Good Grace of Virus Writers by clone22 · · Score: 0, Insightful

    Is the only thing preventing total chaos in corporate and government IT infrastructures. Can anyone name one thing that is a greater threat to national security than Microsoft's software?

    --
    Ask me about my vow of silence!

  8. Fiction writing contest? by TheConfusedOne · · Score: 4, Insightful

    Ye gads that was horrible. This has to be my favorite bit of hyperbole:
    Worms were the most vicious new beasts to stalk the Internet.

    I think Morris would have a few words of disagreement about that.

    So, we have a section: Early July.

    Then the next section: Second Week of July which starts
    Weeks passed.

    And, to top it all off we go over to McAfee and search and get the following:
    Search Results
    We found no records matching the following criteria:
    Virus name containing "leaves".
    This has to be BS of the first and worst order.

    --
    --- I wish I could hear the soundtrack to my life. That way I'd know when to duck.

  9. Written for who? by tarnin · · Score: 3, Insightful

    Looks like this article was written for people who just barely understand computers. It has more buzzwords and made up buzzwords than I've ever seen in an article like this. The steps they outline are ahh, well, kinda a "Well no kidding." setup and the details pretty shallow.

    Personally, I think that this is nothing more than another smoke screen to make people feel safe that the gov will eventually do something about a technology they barely understand but "know" is dangerous.

    Also, does anyone else think that even if the gov were to take steps to stop any type of worm, that privately owned companies' horribly configured servers and overseas servers that are unpatched are going to get automagically fixed cuz the US Gov says so? This is just about FUD if you ask me.

  10. Re:Who the heck wrote this? by Entrope · · Score: 4, Insightful

    You think it is a laugh. People who spend 10 or 20 hours a week (of their spare time, more often than not) tracking down these viruses and the criminals behind them probably disagree.

    One of the largest IRC networks was recently humbled by attacks from worm-infected computers. Every other large IRC network deals with several new infections each week. It is only because the script kiddies (mostly) restrain their attacks to IRC, and because IRC admins go to great lengths to fight the worms, that more damage is not done by infected computers.

    IRC networks are particularly easy targets, since each server is usually run by a separate person or company, and the FBI is not interested in investigating cases unless $5,000 of damages can be claimed by one group -- never mind if there are one or two thousand infected computers that could be wiped out by a malicious kiddie. If the criminals get better at hiding their tracks or their commands, they may become more brazen and attack bigger targets.

    Personally, I am glad that somebody in law enforcement is taking active steps to investigate and shut down these worms. They can actually punish the criminals behind the attacks. Private parties can, at most, disperse the botnet or terminate the attacker's account.

  11. I have no problems with the govt enforcing laws, by Gentoo+Fan · · Score: 2, Insightful

    just this article reeks of doom-and-gloom "we need more funding!" crap directed at technophobic bureaucrats. It's just a puff piece.

  12. Re:Who the heck wrote this? by Blkdeath · · Score: 3, Insightful

    Personally, I am glad that somebody in law enforcement is taking active steps to investigate and shut down these worms.

    Personally, I wish they'd spend a little bit of the money on public education. Start giving basic "Home Internet Security: 101" type courses in high schools so that the new crop of wIdiots have at least a little backing in knowledge to take home with them. Maybe they can secure their parents' machines and have an immediate effect on the state of things.

    When you consider the sheer number of broadband subscribers in North America, and factor the number of them potentially vulnerable to any number of infiltration tactics, we can easily find ourselves facing 20k 1.5MBit connections. By my count, that makes for a LOT of aggregate bandwidth. DDoSs, information/identity theft are all infinitely possible.

    This story only goes to foster the need for knowledge; all it takes is one, or a small group of concerted individuals who plan their attacks carefully, and the Internet can be crippled to a degree that we haven't seen thus far.

    Corporations are another story. I believe firmly that they should be held fiscally responsible for the damage done at the behest of their bandwidth and servers. It's their responsibility to hire competent security personnel to prevent attacks from using their larger-than-normal resources to aid in an attack. Maybe then competent IT people would suddenly find themselves facing thousands of job openings again, because it would be too expensive a risk for big companies not to have them on staff.

    Every connection with an educated person at the helm who keeps track of security updates and is mindful of what they install/run is one less connection that can be used to attack those of us who do take this care.

    </RANT>

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

  13. No Big Deal. by Ancker.net · · Score: 3, Insightful

    It's funny to me that the Gov't thinks it's all high and mighty, then I do a search at Sophos.com and find that the "leaves" worm wasn't all that "Brilliant", it's just another W32 worm.

    Quick Link: Here

    Hooray for the Gov't, they "prevented" (I'd rather say 'postponed') the Leaves Worm.
    All he has to do is send a little e-mail of what the "code word" to activate the "zombies" and all Hell breaks loose.

    IT Security Admins do this every day at work.

    Just my 2 Cents

  14. Sounds like a B- movie script by SparafucileMan · · Score: 1, Insightful

    Oh how I love the CIA! The F-B-I! If it wasn't for them, my life would be subsumed in "data torrents" from a "posse" of "memory stealers".

    Seriously though, this publication is one of the most inflammatory, pro-fascist writings out there...it is sent, after all, to all the civil service workers, which is one reason the article is so lacking on technical data and spends a couple thousand words instead on attempting to simultaneously scare the shit out of whoever reads this b.s. and comfort the reader into coddling big brother as He rides in to save the day.

  15. Re:Dear lord Buddha by Minna+Kirai · · Score: 2, Insightful

    It's hard, but it must be done. Fine, it can take 5-7 years, but it needs to happen. (Swapping out some software is trivial in comparison to things like airport security and National Missile Defense)

    The problem these stories show us is that the Federal Cybercops are spending all their effort to barely, occasionally control unfocused, amateur miscreants. Pranksters out for fun.
    "cybercrime"

    They should be hardening against attacks by state-sponsored saboteurs who are trained, funded, organized and motivated. Enemies who won't submit to arrest, and who won't flinch at B&E of a Colonel's house to bug his laptop. (Or take his password at gunpoint.) The attack won't be tentative or experimental- it won't come until the assailants are ready to apply it in force.
    "cyberwar"

    The government can't even keep casual "cybercrime" in check, inspiring no confidence that they'll do much better in a "cyberwar", which should be their main concern. (They've recently used the word "cyberterrorism", which only confuses matters)

    Their current approach just creates a false sense of security. The sooner they scale it back, the sooner the public will start to demand & install truly secure computing, and the safer we'll all be.

  16. Re:Finally... by Minna+Kirai · · Score: 2, Insightful

    Oh yes, very beneficial.

    Jokers say that Linux contributors are doing free development for IBM. So now the US Government is doing free research for Microsoft.

    The question is will the "Feds" be at least somewhat successful in their attempts to thwart future worms and other virii?

    The answer is no. By squelching this "attack" (if they really did), they've just allowed Joe Public to continue postponing learning about putting his money into secure computer systems.

  17. A good use of government resources... by frankie · · Score: 2, Insightful

    ...would be sending UN coalition forces to Redmond Washington. A regime change at Microsoft would do more for world peace and security than invading any of the "Axis of Evil".

    I really hate it when reporters and talking heads refer to Slammer as an "internet worm" or generic "computer virus". It's a freaking Microsoft hole. It's all about Bill Gates grabbing millions of people's butt cheeks and spreading them wide open like Goatse guy.

  18. Xupiter by jefu · · Score: 2, Insightful

    Coming the day after the Xupiter article, this is interesting.

    It is entirely plausible that Xupiter or something similar (who knows, even some nice popular game or operating system or email client) has code squirrelled away in it that could serve as the basis for a large scale network attack. This code could be very small indeed as it can bootstrap on system libraries or other, quite legitimate, code in the application.

    If the Wrong People (tm) in the Axis of Evil or connected with International Terrorists had planted this code, it could easily be used to mount a serious attack (DDOS or otherwise), and the trigger could be a file on the Xupiter website, email to the users (the Bad Guys could collect email addresses at installation and not use them for anything till needed) or even a user comment on some commonly visited user discussion forum.

    The payload does not even have to be in the distributed code - it can easily be fetched from a website someplace, loaded between infection and activation or even distributed to other websites during the infection phase. These websites would not even have to know what they are carrying - I've not looked at the structure of GPG signature blocks, but it is certainly possible that portions (at least) of the payload could be encoded in such or the like.

    I know - this is true of most viruses - but putting a virus into a distributed application does make it less likely that it will be seriously scanned for a virus, and if it uses code not already identified by the virus hunters, or if it masks that code well enough it is quite likely to escape detection. I suspect that with some work I could construct a series of X86 instructions that would look perfectly reasonable, but that when XORed with the right sequence of bytes would produce virus code. Or the virus code could be distributed in all the legit code in sequences of a few dozen instructions at a time separated by jumps. Or...

    If there were some reasonable number of users using the application (how many Ever Quest users are there? how many Xupiter toolbars are now sitting in people's browsers) and if the payload consisted of variants of other viruses (even identified ones) the large base of infected sites could lead to a massive and very threatening attack.

    Xupiter would be an interesting vehicle for such a thing. Between the Xupiter license and the DMCA it would be illegal for users to try to examine the Xupiter code to find out exactly what it does (or might) do. Does the DMCA prohibit virus scanning on something? It certainly prohibits users from even trying to figure out if the program is benign.

    Worse yet, Xupiter could use its periodic "update" checks as part of the trigger, plant the trigger on advertiser's web sites, or even use advertisers web sites as part of the attack/infection mechanism.

    You've got to wonder - if the Axis of Evil is smart enough to build Nuquulur (TM - let's spell it the way the Leader of the Free World says it) Weapons are they smart enough to build (or rich enough to hire to build) a small group of people to build a network infrastructure attack. It probably would not kill a whole lot of people - but Death and Destruction are not the only tools of warfare.

  19. Riiight. by Anonymous Coward · · Score: 1, Insightful

    I'm sure the 2 people who use this software are very happy it's flawless.

    People find bugs in mainstream software because there's enough bulk to warrant exploiting it. If I wanted to create a worm I'd try and infect Windows or Linux boxes because chances are I'll be able to find more than one or two per IP range.

  20. What a crock of shit! by Anonymous Coward · · Score: 1, Insightful

    The Feds are saving our bacon! Bullshit.

    See that crowd down there? I have to hurry up and catch them... I am their leader!

    The "FEDS" are lucky to be able to tie their collective shoelaces. There may be 60 ppl "working" on security but the word "work" should more likely be translated to "worry".

    The level of security we have is the same as someone walks down the street and is offered a pill by a complete stranger. So they swallow it.

    This is not going to change anytime soon and the pain is going to have to get a hell of a lot worse before the public will react.

    In the year 2002 3 of my friends got viruses. None of them has changed their bad habits. When they get hit real hard and it costs them a few 100 bux maybe some of them will consider a firewall.

    So this article makes me laugh!!!

  21. Reads like a bad spy book by rtstyk · · Score: 2, Insightful

    Interesting indeed but the drama in the article felt somehow artificial. No doubt it was a big event, probably stressful but dramatic?

    It gives me the feeling of a bad movie that portrays some ingenious computer code that will destroy the human race and, just for kicks, has the 3D model of the universe, a 3D clock running down and really cool animation to go with it.

    I say, just write the article, matter of factly and don't give me that James Bond crap (I like Bond but you know what I mean). It's good for entertainment but no good for this.

    --
    I hate the fact that you people don't salute me