Slashdot Mirror


Yet Another Windows Worm

kraksmoka writes "MSNBC is reporting that yet another active worm is taking over computers in 115 countries today. 'Antivirus companies were on high alert Thursday after the rapid spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computersâ(TM) modems. Some of the wormâ(TM)s functions are designed to specially target financial institutions.' Yummy!"

9 of 726 comments (clear)

  1. Frustratingly typical day in the life of Microsoft by dtolton · · Score: 5, Insightful

    It's frustrating how many viruses Windows keeps getting slammed with.
    There are some people that will point to a Linux worm or virus here
    or there, but I run both Windows and Linux servers and there is
    simply no comparison with the amount of worms Windows based machines
    receive. Some people say it's because Windows is much more prevalent
    than the Linux, but there are a lot of servers running Linux now.

    The amount of work required to keep up with just doing updates has
    finally gotten to me. Last night I noticed my Windows server was
    sending packets like mad, suspicious I did a netstat -an, it was
    making connections to hundreds of other machines. Tired of this
    dance, I decided to just shut the windows server down. Maybe one day
    I'll patch it...then again, maybe I'll just leave it shut down for
    good.

    Interestingly, my GNU\Debian Linux box is happily sitting right next
    to it serving up pages. I haven't had to reboot it in ages, I imagine
    it will be running until a nifty new kernel comes out that I just
    have to have.

    See ya Microsoft.

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
  2. Re:Frustratingly typical day in the life of Micros by spurious+cowherd · · Score: 5, Insightful

    *tweet*

    time out.

    any admin who sets production servers to be "automatically updated" deserves to be terminated with prejudice.

    you test all patches before deployment.

    --

    Time flies like an arrow, fruit flies like a banana.

  3. Educate the user by Anonymous Coward · · Score: 5, Insightful

    The people that open these attachments aren't system admins. They aren't network programmers. They aren't even computer literate half the time. Most of the time they treat the computer like a magical device that mysteriously allows them to type and send mail very fast. My mom doesn't even know what a zip/exe/jpg file is. I think it is hard for us to imagine not knowing what we know about computers, but the fact is, that most people using computers don't know a fraction as much as anyone reading slashdot. In fact, most of these "virus" are technically trojans. They are all exploiting the ignorance of the user to mass infect others. There is nothing any operating system can do to stop this. If we were all running Linux, more people would be tricked into running as a SuperUser or Root or some other exploit virus programmers would find. In the end, it's not which is it the right operating system, but have we educated the person behind the machine.

  4. Re:Frustratingly typical day in the life of Micros by Osty · · Score: 5, Insightful

    And if they didn't repell attacks, that would be almost good too.

    Because there's nothing quite like a 100,000 machine-strong DDoS network of Redhat machines on cable modems. I hope you meant that if machines are not repelling attacks, then that would prompt bug fixes. However, as you see in the Windows world, most attacks are targetted at already-fixed issues. The machines that get infected are the ones that didn't stay up to date (or in lots of cases a few years ago, were running software they shouldn't be running, like personal Redhat machines running BIND because it was installed and started by default in an "install everything" scenario, the installation option used by most newbies because they're afraid of missing something during the initial install and not knowing how to install it later).


    No, successful virus/worm/hax0r infections are never desired. Better for the issues to be found by competent and moral ("moral" being that they don't use the exploit maliciously) people before a major virus or worm is written. There are excellent patch distribution channels for both Windows and Linux these days. People really should use them. And for production servers that don't use them because they need to do validation before deploying the fix, they need to get off their asses and do the validation. There's no excuse for a 2 year old bug causing issues now. That's 1 year, 11 months, and 3 weeks of laziness (assuming it takes about a week to do a validation and deploy the fix and any resulting changes).

  5. Re:windows vs *nix - un-informed is un-informed by Soko · · Score: 5, Insightful

    that's not really true though, since there are holes in windows that have been there since windows version 1. Sure there are holes in any program, but at least most of the unix/linux/macos viruses don't cause the computer to crash. In almost every case, unix/linux/bsd viruses are really just exploiting a single program.

    The point being...? Really, you have done nothing to assist our underinformed cyrax777. Let me help, please.

    First, causing the box to crash or not is irrelevant, as is what program allowed the compromise - a compromised machine is no longer yours. Time to re-install the whole machine.

    The reason *nix is much harder to infect in the first place is users run with user privileges, as do all the child processes that they create. Thus, the e-mail client cannot over-write any system files since it lacks the autority to do so. This is where "rooting" the box comes from - you need to elevate your normal privs to super user status in order to do any real damage. You can tell most *nixes that "This user account can never elevate it's priveleges", and it likely never will. System services, like say the Apache HTTP server, are usually set up to run as under-priveleged users as well, so compromising them leads to even more difficulty controlling the whole machine - there's very few opennings in the *nix security armour. In contrast, right now my XP laptop is running login.scr as SYSTEM. Yup, a screen saver with system level privs. IIS on NT/Win2K is the same way - out of the box it runs under the SYSTEM account. If one of these is compromised, it's not your machine anymore. Now you know where a lot of the issues with Windows security lie.

    This reflects one of the design philosophies of *nix: only give users the privileges they need, and have a huge, well defined wall between them and the system. Windows seems to come from the other end - give it all, and try to take away what's dangerous. IMHO, that's where Windows fails - miserably.

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
  6. Re:Frustratingly typical day in the life of Micros by SN74S181 · · Score: 5, Insightful

    Here's a secret you might not know:

    On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.

    So the whole notion that trojans/worms etc. can't hurt the systems that 'mere users' will be using as there is more and more of a push to Linux desktop systems is just plain nonsense. If it wipes out an employee's whole writeable diskspace, it's done all the damage it could possibly do. Nobody cares that everything that rolled off the Install CD is still there and might even be pristine.

  7. Re:Frustratingly typical day in the life of Micros by Blkdeath · · Score: 5, Insightful
    Give it time. As Linux permeates industry and business it will start getting more attention from the virus writers. It's all a matter of ROI. Right now, attacking windows has a very high ROI.

    Which is exactly why so many worms target Apache rather than IIS.

    Batting down strawmen for 12 years and counting ...

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

  8. Re:Frustratingly typical day in the life of Micros by Blkdeath · · Score: 5, Insightful
    On Unix/Linux Desktop systems there is nothing on the system as important as the user's data in his home directory.

    I don't know about you, but I administer systems with hundreds or thousands of users. It's *their* data I wish to protect, not that of the irresponsible schmoe who ran untrusted binary code.

    <OBSIMOM>
    But if they ask me nicely, maybe I'll keep that backup tape away from the degausser.
    </OBSIMON>

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.

  9. Re:Actachments by walt-sjc · · Score: 5, Insightful

    Why is this modded as a troll? It's the truth.

    I've been running a filter on email for about 5 years. Not ONCE has any of the email transmitted viruses / worms made it through, even to unpatched outlook and OE users.

    See John Hardin's procmail filter for a Very good example of how to do this.

    If you are running a corporate meail server and are not filtering for known executable extensions, you are a fucking idiot. Period. There is just no excuse to EVER allow unfiltered mail through. Would you put your corporate LAN on the internet with no firewall at all? Of course not, but by not filtering email, you have a hole the size of Yankee Stadium in your protection. It's like wearing a condom with the end cut off.

    The problem with anti-virus software is that it relies on the vendor to create and distribute filter definitions. It can take DAYS or WEEKS for vendors to identify a new virus, and create a definition, and for people to download the new rule set. This lag time is deadly. Antivirus software is a LAYER of security on email, but to rely on it alone is not enough.

    Security is a process, and a mindset. Everyone who knows anything at all about software knows that every program has bugs. All you can do is minimize exposure, and you do that with many layers of security. These layers don't have to be intrusive, but you need them to reduce your vunerabilities.

    Hey, if you want to bury your head in the sand and refuse to participate in security, that's fine with me. I charge by the hour.