Slashdot Mirror


Yet Another Windows Worm

kraksmoka writes "MSNBC is reporting that yet another active worm is taking over computers in 115 countries today. 'Antivirus companies were on high alert Thursday after the rapid spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computersâ(TM) modems. Some of the wormâ(TM)s functions are designed to specially target financial institutions.' Yummy!"

19 of 726 comments (clear)

  1. Frustratingly typical day in the life of Microsoft by dtolton · · Score: 5, Insightful

    It's frustrating how many viruses Windows keeps getting slammed with.
    There are some people that will point to a Linux worm or virus here
    or there, but I run both Windows and Linux servers and there is
    simply no comparison with the amount of worms Windows based machines
    receive. Some people say it's because Windows is much more prevalent
    than the Linux, but there are a lot of servers running Linux now.

    The amount of work required to keep up with just doing updates has
    finally gotten to me. Last night I noticed my Windows server was
    sending packets like mad, suspicious I did a netstat -an, it was
    making connections to hundreds of other machines. Tired of this
    dance, I decided to just shut the windows server down. Maybe one day
    I'll patch it...then again, maybe I'll just leave it shut down for
    good.

    Interestingly, my GNU\Debian Linux box is happily sitting right next
    to it serving up pages. I haven't had to reboot it in ages, I imagine
    it will be running until a nifty new kernel comes out that I just
    have to have.

    See ya Microsoft.

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
  2. Re:and again by CausticWindow · · Score: 4, Insightful

    A much better solution than b), is to completely remove Outlook. Especially if you're only using it as a mail reader.

    --
    How small a thought it takes to fill a whole life
  3. Re:Frustratingly typical day in the life of Micros by TheGrayArea · · Score: 4, Insightful

    Give it time. As Linux permeates industry and business it will start getting more attention from the virus writers. It's all a matter of ROI. Right now, attacking windows has a very high ROI.

    --

    This space for rent.
  4. Commercial Idea by div_2n · · Score: 4, Insightful

    I am surprised Red Hat or some other company doesn't take advantage of heavy Windows worm activity.

    "Did you get hit by that new worm?"

    "No, I run Linux."

  5. Re:Frustratingly typical day in the life of Micros by a_timid_mouse · · Score: 4, Insightful

    Yes, but as with any *NIX, the damage Joe Luser can cause is significantly curtailed to their own userspace. The virus would need to take advantage of a root-level vulnerability to infect an entire machine. Not so with most Windows default configs.

  6. Re:Frustratingly typical day in the life of Micros by spurious+cowherd · · Score: 5, Insightful

    *tweet*

    time out.

    any admin who sets production servers to be "automatically updated" deserves to be terminated with prejudice.

    you test all patches before deployment.

    --

    Time flies like an arrow, fruit flies like a banana.

  7. For some value of "interesting," maybe by Motherfucking+Shit · · Score: 4, Insightful
    The article says that an infected machine will try to get on to the internet, and will try dialing the modem if it has to. Surely the most interesting machines are those with fast good connections - not people on crappy slow modems...
    No, the most interesting machines are those which aren't connected to the public network at all. The servers at your bank which track your balance, those mysterious "power grid" servers that HomeSec keeps spreading cyberterror FUD about, military computers with Top Secret documents, etc.

    These machines are unlikely to be interfaced with a public net at all, especially not sitting on a fat pipe; but many of them have to network _somehow_. Regular modems, ISDN, etc. aren't quite dead yet.
    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  8. Educate the user by Anonymous Coward · · Score: 5, Insightful

    The people that open these attachments aren't system admins. They aren't network programmers. They aren't even computer literate half the time. Most of the time they treat the computer like a magical device that mysteriously allows them to type and send mail very fast. My mom doesn't even know what a zip/exe/jpg file is. I think it is hard for us to imagine not knowing what we know about computers, but the fact is, that most people using computers don't know a fraction as much as anyone reading slashdot. In fact, most of these "virus" are technically trojans. They are all exploiting the ignorance of the user to mass infect others. There is nothing any operating system can do to stop this. If we were all running Linux, more people would be tricked into running as a SuperUser or Root or some other exploit virus programmers would find. In the end, it's not which is it the right operating system, but have we educated the person behind the machine.

  9. Re:Frustratingly typical day in the life of Micros by Osty · · Score: 5, Insightful

    And if they didn't repell attacks, that would be almost good too.

    Because there's nothing quite like a 100,000 machine-strong DDoS network of Redhat machines on cable modems. I hope you meant that if machines are not repelling attacks, then that would prompt bug fixes. However, as you see in the Windows world, most attacks are targetted at already-fixed issues. The machines that get infected are the ones that didn't stay up to date (or in lots of cases a few years ago, were running software they shouldn't be running, like personal Redhat machines running BIND because it was installed and started by default in an "install everything" scenario, the installation option used by most newbies because they're afraid of missing something during the initial install and not knowing how to install it later).


    No, successful virus/worm/hax0r infections are never desired. Better for the issues to be found by competent and moral ("moral" being that they don't use the exploit maliciously) people before a major virus or worm is written. There are excellent patch distribution channels for both Windows and Linux these days. People really should use them. And for production servers that don't use them because they need to do validation before deploying the fix, they need to get off their asses and do the validation. There's no excuse for a 2 year old bug causing issues now. That's 1 year, 11 months, and 3 weeks of laziness (assuming it takes about a week to do a validation and deploy the fix and any resulting changes).

  10. Re:Conflict of intrest... by bstadil · · Score: 3, Insightful
    Well Symantec is not above Conflict of Interest.

    They consistently overplay the danger of computer infections, as the more scared people are the more biz they will make.

    Look at their adds and see what scare tactics they use.

    --
    Help fight continental drift.
  11. Re:old bullshit. by nathanh · · Score: 4, Insightful
    Yet I don't see anything breaking down mutt, pine, balsa or even Mozilla's email client.

    Pine has had a number of problems with maliciously coded attachments. These were real-world exploits, not theoretical ones.

    Linux isn't immune from viruses - email or otherwise - even though in practise it suffers less. The troll before you was telling a half-truth when he claimed that Linux is safer because (a) everybody loves Linux even though (b) nobody uses it. Those two factors are real and they do contribute; it's silly to deny it. However there are dozens of other factors, eg:

    • Less integration between desktop apps means fewer unexpected side-effects. Expect this to change for the worse as KDE and GNOME add more features.
    • Better designed server apps: I believe that in general Linux (and UNIX) have server apps that were designed with security in mind. Though there are always exceptions.
    • Greater diversity in hardware and software platforms; makes it much harder to write a UNIX virus and it's much harder for a poorly written virus to spread.
    • ...

    Protecting Linux against viruses is one of those "eternal vigilance" things. Don't get smug because Linux is relatively free from problems today while Windows is copping a flogging. Yes, I think Microsoft brought most of it on themselves and yes, I think Linux (and UNIX) is more immune by design. However I think it's naive to think that things will stay like this forever. Linux viruses are on their way. Be ready to eat your words in 5 years time when Linux becomes more popular and Linux viruses become commonplace.

  12. Re:windows vs *nix by Parinioa · · Score: 3, Insightful

    The main reason why *nix boxes don't have anywhere near the number of virii infect them is because the average *nix user has had to set the box up themselves and had to go through the learning curve that is involved in that. Anyone who has got enough knowledge to set up a *nix box (and in reality most people that accually are able to install windows) have enough general computer sence to not catch virii. I personally hate virus scanners as they just take up my resources. Periotic scans let me know that I am not just overconfident that I am invoulnerable, but infact paying enough attention to what I do on a regular basis to delete the emails with attachments like 'happy99.exe' even though I don't in truth _know_ that it is in fact a virus. *nix isn't really a safer OS from virii, it just has a better trained user base.

  13. Re:windows vs *nix - un-informed is un-informed by Soko · · Score: 5, Insightful

    that's not really true though, since there are holes in windows that have been there since windows version 1. Sure there are holes in any program, but at least most of the unix/linux/macos viruses don't cause the computer to crash. In almost every case, unix/linux/bsd viruses are really just exploiting a single program.

    The point being...? Really, you have done nothing to assist our underinformed cyrax777. Let me help, please.

    First, causing the box to crash or not is irrelevant, as is what program allowed the compromise - a compromised machine is no longer yours. Time to re-install the whole machine.

    The reason *nix is much harder to infect in the first place is users run with user privileges, as do all the child processes that they create. Thus, the e-mail client cannot over-write any system files since it lacks the autority to do so. This is where "rooting" the box comes from - you need to elevate your normal privs to super user status in order to do any real damage. You can tell most *nixes that "This user account can never elevate it's priveleges", and it likely never will. System services, like say the Apache HTTP server, are usually set up to run as under-priveleged users as well, so compromising them leads to even more difficulty controlling the whole machine - there's very few opennings in the *nix security armour. In contrast, right now my XP laptop is running login.scr as SYSTEM. Yup, a screen saver with system level privs. IIS on NT/Win2K is the same way - out of the box it runs under the SYSTEM account. If one of these is compromised, it's not your machine anymore. Now you know where a lot of the issues with Windows security lie.

    This reflects one of the design philosophies of *nix: only give users the privileges they need, and have a huge, well defined wall between them and the system. Windows seems to come from the other end - give it all, and try to take away what's dangerous. IMHO, that's where Windows fails - miserably.

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
  14. Re:Frustratingly typical day in the life of Micros by SN74S181 · · Score: 5, Insightful

    Here's a secret you might not know:

    On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.

    So the whole notion that trojans/worms etc. can't hurt the systems that 'mere users' will be using as there is more and more of a push to Linux desktop systems is just plain nonsense. If it wipes out an employee's whole writeable diskspace, it's done all the damage it could possibly do. Nobody cares that everything that rolled off the Install CD is still there and might even be pristine.

  15. LookOut, end users, and mad cash. by Lord+Prox · · Score: 3, Insightful

    Note: Not a flame to parent post...

    now if they'd only bought the firewall solution from us that stripped email attatchments based on mime type and/or file extension

    I have had it up to here (pointing to head) with all this BS with email worms/virii and the media. They are not email worms, they are Outlook worms. I could sell someone an attachment stripping solution but that is irritating. For every bug it strips out it will strip out a legitmite file as well.

    I just don't know what to do with people... Every time one of these god damn things coms out, my phone starts ringing off the damn hook, hell I can't even get a straight 8 hrs sleep... (one dis-advantage of home office) and every time I tell people the same damn thing. Outlook is a worm/virus magnet. Don't use it. There are many others. Bad people target Outlook for a reason, don't give them the oprunity to hit you. Its that simple. And always check attachments before running them regardless of what email client you are useing or who it came from. But they just don't listen. Do they think I am full of BullSchnitt or is being used to infection and calling me easier than learning a new mail client.
    Does anyone have an idea of why end users use the software they use in the face of all the reasons/reccomendatios not to?

    Came with machne so it must be good?
    Everyone else uses it?
    What?!?!

    On The Other Hand..... I wil be making lots of cash in the next week... so mabey I should not be complaining :)

    For every person that finds the silver lining of that cloud, there are 100 that just died from lightning

    1. Re:LookOut, end users, and mad cash. by dcmeserve · · Score: 4, Insightful
      It's always so entertaining to me when one of these things starts spreading around. I use a text-only email client (mutt) on a linux system. True, I do have to explicitly save attachments to files and then go view them with the appropriate separate program, but that's actually a rare occurence. 99% of the time it's bare text anyways, and mutt is a really fast way to scan through them all -- no slogging around with a mouse. And I don't have to worry about looking at an email that might be spam either.

      Of course, I know the majority of people will never want to do this. Which means I can maintain my air of smug superiority indefinitely. Ha!

      --
      "Orthodoxy is unconsciousness" - Orwell
  16. Re:Frustratingly typical day in the life of Micros by Blkdeath · · Score: 5, Insightful
    Give it time. As Linux permeates industry and business it will start getting more attention from the virus writers. It's all a matter of ROI. Right now, attacking windows has a very high ROI.

    Which is exactly why so many worms target Apache rather than IIS.

    Batting down strawmen for 12 years and counting ...

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

  17. Re:Frustratingly typical day in the life of Micros by Blkdeath · · Score: 5, Insightful
    On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.

    I don't know about you, but I administer systems with hundreds or thousands of users. It's *their* data I wish to protect, not that of the irresponsible schmoe who ran untrusted binary code.

    <OBSIMOM>
    But if they ask me nicely, maybe I'll keep that backup tape away from the degausser.
    </OBSIMON>

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

  18. Re:Actachments by walt-sjc · · Score: 5, Insightful

    Why is this modded as a troll? It's the truth.

    I've been running a filter on email for about 5 years. Not ONCE has any of the email transmitted viruses / worms made it through, even to unpatched outlook and OE users.

    See John Hardin's procmail filter for a Very good example of how to do this.

    If you are running a corporate meail server and are not filtering for known executable extensions, you are a fucking idiot. Period. There is just no excuse to EVER allow unfiltered mail through. Would you put your corporate LAN on the internet with no firewall at all? Of course not, but by not filtering email, you have a hole the size of Yankee Stadium in your protection. It's like wearing a condom with the end cut off.

    The problem with anti-virus software is that it relies on the vendor to create and distribute filter definitions. It can take DAYS or WEEKS for vendors to identify a new virus, and create a definition, and for people to download the new rule set. This lag time is deadly. Antivirus software is a LAYER of security on email, but to rely on it alone is not enough.

    Security is a process, and a mindset. Everyone who knows anything at all about software knows that every program has bugs. All you can do is minimize exposure, and you do that with many layers of security. These layers don't have to be intrusive, but you need them to reduce your vunerabilities.

    Hey, if you want to bury your head in the sand and refuse to participate in security, that's fine with me. I charge by the hour.