Slashdot Mirror
LovSan Clone Let Loose
JMullins writes "According to Kaspersky Labs the LovSan virus has been re-released in a new form that has changed the appearance of the worm. It looks like the outbreak continues to get worse and worse, with no real end in sight until people can patch their systems. Net slowdowns are expected over the weekend when both versions of the virus start their attack."
Actually, I'm wondered why the heck RPC service is allowed to be exposed to the internet interface in the first place. There is absolutely no good reason for Microsoft to design it this way. Sure, I could understand it being useful for corporate networks, but to leave it on and not allow you to turn it off is ridiculous.
This isn't so much about security as it is poor design on the part of microsoft leaving so many useless services exposed to the internet.
OK you'd have to be a cyber terrorism nut to believe the power blackouts were caused by the virus but some friends at Con-Ed have told me the virus isn't totally innocent, apparently the trouble ticketing / work management system some of the affected power companies are using is running on a load of windows servers and not all of them managed to get patched in time. So the recovery operation is being hampered a bit by the worm.
And I thought those guys were just exagerrating things.
Point taken, but badly stated. The FSF cracking incident was due to an application that runs on Linux, and does not ship with most Linux distributions--it has to be intentionally downloaded and installed.
So are we going to start adding all securities in third-party apps that run on Windows to the "Windows vulnerability" list? That's crazy.
Linux is a kernel, yes. But the fact that it's available in that form if that's all you want is an advantage, not a technicality. Try getting Windows without a GUI, or SMB.
This is getting extremely annoying - I'm still getting hits daily from Code Red & Nimda. I'd like to personally line up each person who hasn't patched thier system and slap them.
Along with the idiots at microsoft who don't make updates for IIS available though windowsupdate. (in my experience, ymmv.) C'mon, it's shipped with the OS, you've got automatic updates on by default, so make them patch the goddamn webserver.
> i saw the news about the second (and third) versions and i just wondered if these (all three) we just a distraction. i wonder how many people looked for an awfully obvious process and if they did't see it, well, that was the end of the story? somethings smells here.
I've always wondered whether someone planning a criminal break-in somewhere might not release a virus as a cover, so that the victim would shrug off any anomalies on their system as side effects of the virus, and think the virus fix was end-of-story.
Sheesh, evil *and* a jerk. -- Jade
I always wondered if the anti-virus companies have some programmers in their payroll who work on developing viruses -- either to predict things before they hit, or to keep product updates coming and profitable.
> Is there some reason that virus writers don't create their viruses to modify themselves automatically? It would be easy to defeat a checksum automatically.
Maybe some of them do do that, and the A-V firms haven't caught on yet.
Seriously, IMO the kind of worms we've seen so far are child's play compared to what we can expect when someone wants to do some serious damage. In the future we'll have stealth worms that just flip a few bits on your system and then erase themselves after propagating to another computer or two, worms that work as a genetic algorithm to optimize effectiveness and continually feed new variants into new "ecological niches" of the internet, worms that are mathematically optimized for the fastest spread, or conversely for the broadest under-the-radar spread, etc.
The future is bleak, IMO.
Sheesh, evil *and* a jerk. -- Jade
I had been working on my CAD system on my home machine running WIN95 and DOS. I wasn't even aware anything was amiss until I logged onto Slashdot to see whats new. I was wondering why it was so slow. My firewall responded in a bit and told me I was getting a helluva lot of connect attempts on port135. So, I go look up the log file and it looked like SQL slammer all over again. Almost a megabyte of infection attempts. I wondered at first if I had made an enemy on a dialup??? In 4 hours??? Why did the whole world seem determined to wax me off the web? Damm, it seemed like everyone in the world was wanting my port135.
Ok.. so I continue to read Slashdot and the story finally loads about this new LoveSan virus making the rounds. Hmmm. When I think of how much work would have been lost had something came in and messed up my machine, I shudder. But then, I don't run my machine wide open to the net. I try to practice secure techniques - such as never allowing any programs to run that I have not verified their intentions, and don't run anything that allows embedded executables ( read: javascript and later things post DMCA that haven't been "cleared" by what I consider trusted groups - which are mostly the groups the DMCA was aimed at in the first place. )
Sure, there are a lot of websites that I can no longer see. I can not even access the Southern California Edison site, nor many business sites - as they require these embedded-executable technologies as a requisite to viewing their content.
So, I sit here, with a pretty fast system, as its pretty simple. I have no virus scanning going on, as I am not running just anything I get in. I do have an integrity monitor running, which does a quickie on startup to see if any critical files are amiss ( it just calculates an MD5 on my key executables and compares to what they should be. ).. if so, booting to GUI is aborted and I drop to DOS to straighten it out - but its never happened outside a test situation.
I keep getting all these people telling me I should upgrade and be current with the times. I would gladly upgrade if the later stuff was actually better and more robust than the earlier stuff - but thats not what I see.
Oh yes, the "presentation skills" are definitely better on the new stuff, but I see the new systems much like a stunningly beautiful secretary that I can't trust, and spends a helluva lot of time doing her makeup.
I try to tell these business people what they are getting into by running software that hasn't been verified for trustworthiness, but they seem happy to go ahead and do it anyway as long as there is someone else to blame if things go amiss. I hoot till I'm blue in the face about these businessmen who put content on the web that can only be viewed with proprietary readers, whose underlying trojan motives, if any, can no longer be legally ascertained as a result of the DMCA.
I am especially puzzled by business's perception of proper etiquette. Would they hire a sales rep that constantly interrupted a customer in mid-question with comments on his grammar or spelling? Or worse yet, rudely hangs up on customers if they don't understand something? Is not a corporate web-site their sales-rep in cyberspace? Why would a business hire such rude representatives that coin their own protocols and chide the customers relentlessly for not adhering to their latest incarnations of the communications protocol "standard"?
At the risk of redundancy, I'll say it again. I do not like these proprietary unverifiable protocols. I consider them very risky - to me. I really don't care if YOU get hit with a virus, but I don't want any part of it.
Ok.. I just had to get this off my chest. It might cost me a bit of karma, but I had to say it in public in the hopes that someone in management that makes the decisions will hear my plea.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]