Slashdot Mirror

← Back to Stories (view on slashdot.org)

IRC Networks Unite in Fight Against Fizzer Worm

Posted by michael on from the why-cliff-got-klined dept.

Dave writes "Over the past few days, IRC Networks across the internet have felt the brunt of the Fizzer worm. In an unusual display of geek solidarity, representatives from dozens of IRC Networks, including EFNet, IRCNet and DALnet, have gathered to create a Fizzer Task Force. Interesting, and mostly productive results have occurred so far from such a meeting of the IRC minds."

17 of 314 comments (clear)

  1. As Well They Should ... by AlabamaMike · · Score: 5, Insightful

    Not to point fingers, but as we all know IRC networks are a major conduit for the distribution of warez. I'm not living in a glass house here, so I'll admit that I've gotten viruses from "packs" downloaded through IRC networks. It's good to see that these guys are coming together and helping to stem the spread of this virus. Unfortunately, I've heard nothing from the KaZaA guys in this line, and they are probably much worse than the IRC people (all their clients are Windows platforms, most of their users are completely clueless, etc.) It takes some skills (not much, but some) to get stuff off IRC. Any jackass can download from KaZaA. That's where the real work needs to be done in order to stop this virus cold.
    -A.M.

    --
    Pimpin' all the Karma Hoes!
    1. Re:As Well They Should ... by DNS-and-BIND · · Score: 5, Funny

      We really need to shut down USENET as well, as it's a major conduit for the distribution of warez. FTP is also a big problem. The world wide web is a major, major conduit for the distribution of warez. And don't even talk to me about filesharing networks...all major conduits for the distribution of warez.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  2. *Ahem* by guacamolefoo · · Score: 5, Funny

    From Symantec:

    Systems Not Affected: Macintosh, OS/2, UNIX, Linux

    Heh. Clearly the work of an evil genius.

    GF.

    --
    Lots of petrified grits
    1. Re:*Ahem* by fred666 · · Score: 4, Informative

      *NIX/Linux systems can be at risk if you're using a misconfigured wine.

      Seriously, wine is getting better every month and can run a wider lot of window$ software, it is not surprising that it will (could?) run windows worms/viruses (which are software written by human after all) and put our supposed-virus-free-OS [insert your preferred flavour of unix here] at the same level of risk than windoze users.

      Please think about it if you install such a software...

  3. Re:method by Lxy · · Score: 4, Funny

    It's YAOW (Outlook Worm). Same drill, you open an infected attachment, it copies itself to the address book as well as installs its payload.

    Dammit, when are worms going to get interesting again? This "exploit the hell out of Outlook" routine is getting old.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  4. PEBCAK by Kjella · · Score: 5, Insightful

    Problem Exists Between Chair And Keyboard. To the very best of my knowledge I haven't been infected by any virus or trojan since the early 90s when I didn't have Internet access and fast virus updates.

    But even running around nekkid, I don't think I'd have caught more than a handful of viruses to begin with. Why the hell is it that people open up all the crap executable stuff they get? I think the best hope is a new generation that has grown up with SPAM, viruses etc. and don't fall for that kind of bullshit. Teaching old dogs new tricks doesn't work, but they will die eventually...

    Kjella

    --
    Live today, because you never know what tomorrow brings
    1. Re:PEBCAK by Ed+Avis · · Score: 5, Insightful

      The best hope is a user interface that clearly distinguishes between *running a program* and *opening a document*. Windows over the years has deliberately blurred this - even in Win3.x Program Manager the command to run an application was called 'Open'. Cute, but it doesn't help people learn the difference between documents, which are just data that can be viewed, and programs, which are instructions for your machine to perform.

      You may object that things like Word macros (and their associated viruses) blur the line between files and executables. But that is another instance of the same problem: 'opening' such a document should be split into the two questions it implies: do you want to *view* the file contents? do you want to *execute* the instructions in the file?

      If user interfaces and especially mail clients bothered to present this distinction to the user then a lot of the worm problems would go away. Some people would still have virus checkers, mostly companies who don't trust their employees not to execute dancing_elephants.exe. But even in those cases, it would be simple to lock down mail clients to not allow execution, as long as they bother to make a clear distinction between viewing and executing to start with. (And as long as the applications they launch, such as Word, do the same.)

      One way of explaining this in non-technical language is: 'If I sent you a letter and it said "please jump off the nearest cliff" and you read it, would it do any harm to you? Why should the equivalent message sent to a computer be any different?'

      --
      -- Ed Avis ed@membled.com
    2. Re:PEBCAK by Ummagumma · · Score: 4, Insightful

      Replace the word 'computer' with the word 'automobile' in the following sentance:

      "Users should *not* have to be scared of using their computer. The computer should simply stop them from doing anything wrong."

      Now how do you feel about that?

      I'm not agreeing or disagreeing with you here - just food for though.

      --
      "The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
  5. Not your usual "task force" by mao+che+minh · · Score: 5, Funny
    No, there are no physically adept and good looking individuals complemeted with the obligatory "tough guy". No Tommy Lee Jones-like leader, bravely charging into danger. No electronics laden vans and phone taps. Just a bunch of pasty guys that are experts on Star Trek lore and like to debate the power of Perl.

    "task force"

    Heh

    1. Re:Not your usual "task force" by CharlieO · · Score: 4, Insightful

      Yeah but those pasty guys that are experts on Star Trek lore and know wierd backwaters of Perl can also remove your systems/isp/country from the net without breaking into a sweat.

      And trust me you can cause more pain to more people by dumping thier net connection than you ever could with a swat team.

      First there's the pain for lusers that find thier mail IM and file swappers don't work, then there's the pain in the call centre when harrased techs try to explain to consumers what's going on, then there's the pain felt by the BOFH's with management hovering over thier shoulder, then there is further pain caused by the many minor bumps and niggles and repeats as the systems cope (or not) with the backlog built up in the down time. And after all that, if it was a good one, there are the recriminations on support boards, the calls for compensation, customers leaving, no end of replanning from the management team.

      Ahhhh

      The beauty is that a good DDOS is a gift that just keeps on giving.

      Truly Cthulhu is amongst us :)

  6. Re:mIRC by shadowjk · · Score: 5, Informative

    This does not affect mIRC or any other IRC Client, at all.

    The fizzer worm that's currently spreading, spreads through outlook and Kazaa. It also has a IRC backdoor, through which presumably the virus author can access infected computers. This IRC backdoor connects to a list of several irc servers, and sit in a channel.

    As the number of infected computers (Please people, update your Anti Virus software!) is growing, this puts a higher load on the irc servers. This is what it's all about, to find a way to get rid of the trojans from the servers, so that nobody can abuse them for DDoS or looking for CC numbers or other private info on infected machines, in a way that doesn't put too much stress on the IRC servers.

  7. Re:mIRC by alien88 · · Score: 4, Interesting

    As it stands right now, the worm was poorly coded or released into public early. The IRC client is pretty much useless - it doesnt have any commands and you can't do anything with it.

  8. Re:okay, time to update by ejaw5 · · Score: 4, Informative

    AVG AntiVirus Free Edition is available here: http://www.grisoft.com When I used to use windows, AVG was IMO the best antivirus out there in terms of speed and detection, compared to mcAfee and norton.

    --

    $cat /dev/random > Sig
  9. Re:mIRC by pecosdave · · Score: 4, Insightful

    I would say better products actually pre-exsisted all the examples. The difference it marketing, cost, and positioning. Mac OS and maybe the Amiga I would say were better than Windows and pre-dated it for the most part (yes I know how far back Win 1.1 went, but I mean when people actually cared it exsisted). Netscape was definately better than IE up until at least 4, I would argue 5. As for email, Eudoras not newcomer. People are lazy and/or uneducated for the most part. They had no desire to expand beyond what their computers came with or didn't know how. The way Windows had it integrated it certainly looked(s) like that was the proper/only way to do it. Bribing/strong arming the ISPs didn't hurt eaither.

    --
    The preceding post was not a Slashvertisement.
  10. Re:mIRC by bongoras · · Score: 5, Funny

    AH HA!

    That is compelling evidence, of course... the virus was written by Microsoft. Next week they plan to release Fizzer XP Service Pack 1 which will fix those issues.

  11. Info by Anonymous Coward · · Score: 4, Informative

    For those unaware of what the Fizzer worm does and stuff. You can find most stuff here.

  12. Re:Missing from the discussion so far: by SailorFrag · · Score: 4, Interesting
    While we know that Fizzer only operates on the Windows platform and uses the Windows address book to mail itself, it also tries to use Kazaa to spread itself further.

    Actually, it doesn't use the Windows address book. I know this because I (under firewalled, very controlled conditions) ran it to see how it worked. One thing I noticed is that it was sending e-mails out to addresses I did not know. That computer does not have an address book, nor any outlook express smtp/pop3 server settings (I never configured it).

    Though the track record of OE and its address book is pretty bad, it isn't always to blame.