Slashdot Mirror


The Origin Of Sobig (And Its Next Phase)

MrZeebo writes "According to this story at Canada.com, the FBI, along with other authorities, has traced the origin of the Sobig worm. The quick timeline: Apparently, an earlier version of the worm installed a backdoor on a home computer in British Columbia. The creator of the worm used this compromised computer to create a Usenet account with Easynews.com in Phoenix, using a stolen credit card. The worm spread from Usenet, and contained the IP addresses of 20 computers to contact on Friday, and to download an unknown program from those computers. Officials were able to take 19 of these computers offline before the mass-download. However, the 20th computer stayed online, and many copies of the worm were able to get the rogue program. Those that did were merely redirected to a porn site, no damage done. However, now infected computers will continue to try to connect to the other 19 every Friday and Sunday until the worm expires on Sept. 10th." Reader muldoonaz points out this brief Reuters story about the investigation, too.
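The update mechanism described above (infected hosts contacting a fixed list of addresses on Friday and Sunday until an expiry date) is the kind of behaviour a network defender can spot in outbound firewall logs. The following is an added example, not code from the story or from any of the investigating agencies: it parses a few constructed log lines and flags hosts that attempt to reach a watchlisted address on a scheduled callback day. The watchlist addresses, the port, the log format and the year in the expiry date are all assumptions; the real 20 addresses are not given on the page.

```python
from datetime import datetime

# Constructed watchlist: stand-ins for the update-server addresses the worm
# carried. The real addresses are not on the page; these are documentation
# ranges (RFC 5737) and must not be treated as real indicators.
WATCHLIST = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}

# Days on which the story says infected hosts phone home: Friday and Sunday.
# datetime.weekday(): Monday = 0 ... Sunday = 6.
CALLBACK_WEEKDAYS = {4, 6}

# Expiry: the page says "Sept. 10th"; the year is an assumption.
EXPIRY = datetime(2003, 9, 10)

# Constructed firewall log, one event per line:
#   "<ISO timestamp> <src> -> <dst>:<port> <ALLOW|DENY>"
# The destination port is an arbitrary constructed value.
SAMPLE_LOG = """\
2003-08-22T19:01:12 10.0.0.5 -> 192.0.2.10:8998 ALLOW
2003-08-22T19:01:13 10.0.0.5 -> 192.0.2.11:8998 DENY
2003-08-23T09:15:00 10.0.0.7 -> 192.0.2.10:8998 ALLOW
2003-08-24T19:00:02 10.0.0.9 -> 198.51.100.7:8998 ALLOW
2003-08-22T19:05:00 10.0.0.5 -> 203.0.113.1:80 ALLOW
2003-09-12T19:00:00 10.0.0.5 -> 192.0.2.10:8998 ALLOW
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port, action)."""
    ts, src, _arrow, dst_port, action = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action


def classify(ts, dst, watchlist=WATCHLIST, expiry=EXPIRY):
    """Label a destination: None if it is not watchlisted, otherwise whether
    the contact falls on a scheduled day, off schedule, or after expiry."""
    if dst not in watchlist:
        return None
    if ts >= expiry:
        return "post-expiry"
    if ts.weekday() in CALLBACK_WEEKDAYS:
        return "scheduled-callback"
    return "off-schedule"


def flag_callbacks(log_text, watchlist=WATCHLIST, expiry=EXPIRY):
    """Return every attempt to reach a watchlisted address as
    (src, timestamp, dst, action, label). A DENY counts as much as an ALLOW:
    the attempt itself is what marks the source host as infected."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port, action = parse_line(line)
        label = classify(ts, dst, watchlist, expiry)
        if label is not None:
            hits.append((src, ts.isoformat(), dst, action, label))
    return hits


def infected_hosts(log_text, watchlist=WATCHLIST, expiry=EXPIRY):
    """Hosts that made a callback attempt on a scheduled day before expiry."""
    return sorted({
        src for src, _ts, _dst, _action, label in
        flag_callbacks(log_text, watchlist, expiry)
        if label == "scheduled-callback"
    })


if __name__ == "__main__":
    for hit in flag_callbacks(SAMPLE_LOG):
        print(hit)
    print("hosts to isolate:", infected_hosts(SAMPLE_LOG))
```

Off-schedule and post-expiry contacts are kept in the output rather than dropped, because a host talking to a known update server on the wrong day is still worth a look; only the scheduled-day hits are promoted to the isolation list.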

3 of 500 comments

  1. Re:Another day, another worm by wasabii · Score: 1, Troll

    I think MS is to blame. But not because they left a hole; in fact, they didn't with SoBig. SoBig is a simple executable attachment. What they did, however, was put no effort into making it hard for these programs to be launched! Look at any unix mailer, does it have an "Open" button to launch a downloaded program? Mozilla? No. You have to go out of your way to save a file to disk, mark it executable, and run it. Windows was designed to make it easy to spread viruses; until MS fixes that, yes, they are at fault.

  2. To-do for microsoft by t_allardyce · Score: 0, Troll
    To Microsoft:
    Subject: To-do list for your products:

    • Out of the box, warn users when they attempt to execute an attachment, especially if it's an executable. Turn off VB scripting in all products; it can only be turned on manually, or through an "are you sure" dialog box. Advanced scriptable functions, e.g. access to the address book and the ability to send mail, need additional user activation.
    • NetBIOS: lose it. They can enable it themselves.
    • Other ports/network access requests: Your OS does not need to access the internet by default, it does not need to automatically update, dllhost&svchost do not need to access the internet, turn it all off, if the user wants it they can turn it on.
    • Fire everyone in the marketing department. They must all go, they all serve no purpose, footballers are more useful to society than Microsoft marketing department staff.
    • slashes go forward, adjust your products accordingly
    • Please extend and embrace the following technologies and free support with your major OS's: firewalls, anti-virus, tetris. In exchange you can take out these technologies to save money: paint-brush, freecell
    --
    This comment does not represent the views or opinions of the user.
  3. Stupid Canadians you would think they know better! by ratfynk · Score: 0, Troll

    First they don't even care if they leave Windows vulnerable, then they screw up our power grid. What next, they might even stop buying our junky software anymore. Time to invade, this time they won't have enough Iroquois to stop us like in 1812! Take no prisoners.

    --
    OH THE SHAME I fell off the wagon and use sigs again!