LovSan Clone Let Loose

JMullins writes "According to Kaspersky Labs the LovSan virus has been re-released in a new form that has changed the appearance of the worm. It looks like the outbreak continues to get worse and worse, with no real end in sight until people can patch their systems. Net slowdowns are expected over the weekend when both versions of the virus start their attack."

That's media reporting for ya

[NanoGator]

"It looks like the outbreak continues to get worse and worse, with no real end in sight until people can patch their systems."

To be fair, the media's not going to be interested in reporting that it's not as bad as it seems.

(Note: I'm not saying it's not that bad, I'm saying don't trust the media to tell is its dying.)

Re:That's media reporting for ya

[Pharmboy]

Well, to be honest, if it didn't sell, the media wouldn't report it that way. People LOVE catastrophe and doomsday predictions, for some odd reason.

On a similar not, I am witnessing tv hype disaster now. All the power is out in NY, and people have been calmly walking down the street to leave town. Others are "volunteering" to direct traffic, and people are obeying. People are out together in the street with candles, checking on neighbors, almost everyone is calm, even tho with the power out, getting news in was slow and difficult (like 9-11, but much milder). Sure, some will take advantage of the situation, but burglaries happen every night. On the whole, I am pleasantly surprised at how well organized it is, and how well its going so far. Its a success story on dealing, again.

Yet the news channels are TRYING to make it out to be worse than it is. They are saying how people are mad and want to know why this happened, but they can't SHOW someone saying that, they just report that its true. fox/cnn all the same.

The real irony is how calm everyone is, how they are seem to have a "oh well, can't help it, no reason to freak out" attitude even while the news reporters are almost trying to get them to.

It's a little fishy

[Exiler]

that an antivirus lab announced that a new clone was on the way, not spreading but on the way.

Re:And while you all get easy 5, funnies.

[NanoGator]

"Linux has its own problems. But you mod them -1 under the rug until the fsf site gets hax0red. troll but true. "

That was true like a year or two ago, but since this has come up I've been amazed at how things have changed here. It's not that it's turning pro-Microsoft, but the "Everything Linux does is perfect" attitude has settled back down to realistic levels.

I agree with you, though, Linux is a root password away from being ssh'd to hell.

The Internet is not Secure

[blair1q]

How many times do people need to be told this?

Let's see here

• FSF FTP site gets hacked. Some people are mined for passwords.
• A significant proportion of all desktop machines on the internet are compromised by a self-propigating virus, and the internet is affected by the sheer quantity of traffic generated by the worm.

I think there's a slight difference of scale there.

Re:Ugh, lazy patchings

[Pompatus]

I agree that everyone should at least check out windowsupdate.com every once in awhile, but I am always hesitant to update my windows box. Windows Media Player 9??? Don't need it, don't want DRM. What about SP1 deactivating xp installs with pirate serial numbers? I've had DirectX updates that actually crashed previously working games (not lately though, gotta say that's getting better).

I like to wait to update my box for about a week or so to see if there is any outcry about some nasty thing Microsoft slips into the update. I'll bet I am not alone. As far as Blaster is concerned, I rely on independant firewall and antivirus applications to deal with these threats. IMHO it works better than relying on MS to secure their OS.

We should be thankful for this worm

[FuzzyDaddy]

Given the size of the vulnerability (all windows systems connected to the internet, regardless of whether you're running any applications), we should be thankful this worm came out so everyone will get out and patch their system.

If this worm didn't exist, the systems would remain unpatched until some much more destructive exploit was distibuted (say, deleting all your files).

Think of it as vaccination - a mild form to shore up our defenses, so a killer form doesn't get us.

Re:Ugh, lazy patchings

[wfberg]

You're wondering why a REMOTE Procedure Call service is exposed to the network? There's no good reason for a REMOTE Procedure Call to be exposed to the network?

127.0.0.1/16? sure! The LAN, (192.168.0.0/24 or 10.0.0.0/8, perhaps some Link-Local/Broadcast addresses..) perhaps. The entire INTERNET? No fudging way, man!

Other MS weirdness; I have filesharing turned on. It's only associated with the LAN card's TCP/IP stack (NOT the PPTP (DSL) connection's TCP/IP stack). Nevertheless, were it not for my spiffy firewall software thingy you'd be able to access it from the internet! Yippee..

I used to work at an antivirus company.

[morven2]

While some companies in the AV industry have shown (ahem) questionable ethics in the past, I think it's stretching to say they WRITE the viruses, rather than just hype them.

For one thing, there are plenty of idiots out there quite willing to write a virus for free.

For another, if the viruses/worms/trojans were written by the AV firms, they'd be MUCH better. My co-workers and I would regularly discuss how one could, hypothetically, write the ultimate virus ... some of our ideas would have been quite evil indeed. And most of us were pretty good programmers.

Contrast that with the true nature of most successful 'in the wild' viruses -- most of which aren't that well written ...

Is *nix that much more secure?

[sanx]

OK - maybe this is a -5 Flamebait here, but here's a couple of my thoughts.

The desktop world is ruled (by numbers, anyway) by Microsoft. Any potential malware s'kiddie can knock together some malware in a few hours, dump it into some unsuspecting newsgroup somewhere or email it to his Outlook-using mates and start an epidemic relatively easily. The sheer number of vulnerable machines makes that easy.

The installed base of Windows boxes also means that, despite MS not opening up their code to anyone (except governments and universities willing to sign away their first-born as insurance against breaking the NDA), large numbers of people spend vast tracts of time throwing McValue Meal-sized URLs at web-servers and mutant packets at RPC interfaces.

Lots of people x Lots of time x Lots of machines = lots of vulnerabilities found...

Now consider *nix. It has a number of advantages straight off the block:

1. It's open source. Code that finds its way into the kernel goes through the best peer-review system available; public scrutiny.
2. Generally, the people who run *nix are more tech-savvy than an average Joe Blow.
3. Any vulnerabilities that are found get acknowledged and fixed very quickly.

But what would happen if *nix had the sort of desktop penetration that Windows does? How quickly would the kind of person that thinks a computer case is called a 'hard drive' apply a *nix security patch? If *nix was that popular, how many more people would devote vast tracts of time to finding obscure security holes and vulnerabilities?

Just a thought. Now flame away ;)

Microsoft.com is down, as is Windowsupdate !

[mgpeter]

I was updating a couple computers tonight, and at 10:20 Central Time, windows update worked great. At 10:30 windows update and microsoft.com website is unaccessible.

Nothing, Nada.

I guess in a weird sort of way, its ironic.

Re:gotta say it

[PhxBlue]

Right, Bill Gates personally wrote this worm and released it into the wild.

I'm no fan of Microsoft, but cut them some slack. They released a fix for this vulnerability two months ago. If people are still vulnerable, it's their own damned fault.