New Microsoft Worm Coming Soon?
Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent
Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
From the article:
US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.
This puts a bit of a different spin on the previous story, in which Taiwan accused China of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.
Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?
Hackers in China... hey, it looks like China is the new Russia!
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
...Scientists predict the sun will rise tomorrow.
on the heals of a recent Security Bulletin from Microsoft
Apparently, the worm infects the user's grammar-checker, rendering it inoperable.
No excuse on this one. It's not like Blaster happened eons ago, and this is virtually the same type of flaw. Patch your systems.
...that the next worm explosion heals the recent Microsoft Security Bulletin. That will be a welcome change, coming on the heels of the last big Microsoft worm.
Urgent alert this just in... there might be more worms in the future..
So more companies like Air Canada can get hit and blame it on the worm makers, yet never blame it on their stupid IT department that had three weeks to patch the system and never did.
"Malicious hackers are starting to circulate computer code that exploits recently found vulnerabilities"
Starting? When was this article written 1993?
Gee, that's like saying "new Windows security patch coming soon".
"Its too hot out for a Penguin to be just walking around. - Billy Madison"
All my friends and family use Worm 9.0! It's easier than ever!
He said malicious hackers and virus writers tended to concentrate on the most widespread loopholes to ensure any pernicious program they write would spread far and wide.
It's sure a good thing that sshd is such an uncommon piece of code. I'm sure there can't be more than a few computers out there running it.
Come on, worm.
--saint
Am I the only one who noticed that the woman in the BBC Article's picture (directly above the "The MSBlast worm hit some users hard" Caption text) is using an old mac, and therefore, is not struggling with the MSBlast worm?
The power button and display/contrast knobs on the side of the monitor give it away....
Also, from the article: "But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner." -- Does this mean that even though microsoft cleaned up the code that was used by MSBlast as a backdoor, they still overlooked some code in the same region?
It's a shame the only people who read these articles are the ones who aren't affected in the first place.
According to C|Net's News.com.com, two new worms have surfaced exploiting a 2 year old hole in IE 5.x.
Just in case you have not noticed, United States (and for that matter, most western powers) are considered by the Chinese as "hostile" nations.
ELOI, ELOI, LAMA SABACHTHANI!?
Is there a fix for this yet? Do we even know what is being exploited? Hopefully my NAT and ZoneAlarm will cover anything on my end.
The only way the MSBlaster worm was effective, though, is because people didn't patch their system. I understand that updating sucks, and we really shouldn't have this many updates to deal with, but it's the product you bought and the way things will remain, I imagine. People don't update their systems, as I was saying, and then Microsoft comes out and mentions something about automatic updating. To me, this is a horrible idea. I want to know what I'm patching or downloading before I do anything. This is my computer, I should know what's happening to it.
My two cents.
Insert witty Slashdot sig here.
Okay, I've read about three emails so far, plus this article, about this new security hole. So of course, I go to download the patch.
And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.
Anyone know what's up with this?
James.
"I have spread my dreams under your feet, Tread softly, because you tread on my dreams." - W. B. Yeats.
Is it too much to ask for an "editor" can spell?
Yes, yes it is...
You could pretty much say that about everything on Slashdot. Read the FAQ.
A pre-worm article
A current worm article
And a post-worm article?
Essentially three times the FUD, bashing, turfing, and... well, slashdot.
A winner is you!
My suspected-spam file had something like 50-60 new messages in it since last night. Except for one Nigerian-scam message, they all claimed to be security fixes from Microsoft (how original of them :-| ). I saved the attachment from one of them and let Norton Antivirus take a look at it. It didn't identify any virus (even after updating signatures), but it has to be malware of some sort that just hasn't been cataloged yet.
20 January 2017: the End of an Error.
Good to see that there are still those visionary geniuses - THE MODERN AMADEUS - who know what's gonna happen & when, oh and really have a knack for stirring up the media.
Lemme give this a try:
I see in our future....some lawsuits...and there will be a plague....and some severe weather....run for the hills! REPENT! Your days are numbered!
Maybe they should just stop announcing general things like that and just fix the damned security hole so no one has a chance to attack with a virus. But then again this guy also sounds a lot like our Prez....today we will be at yellow alert..there may or may not be a terrorist activity of an indeterminable type that could or could not endanger American lives....that is all.
Does anyone remember Sega net? At least I think that is what it was called. It was offered in this area years ago (during the Sega Genesis days) through the cable company. For an extra monthly fee, you got a box (IIRC) that hooked up to your Sega Genesis, and gave you access to a number of Sega Genesis games which changed monthly.
Only the latest virus definitions catch this thing.
New Microsoft Worm Coming Soon?
No. Blaster was it. We're out of worms. Try the fish.
Attention deficit disorder is a complicated issue, spanning several major... HEY LET'S GO RIDE BIKES!
I don't know why but the title makes this sound soooo exciting! I mean "New Microsoft Worm Coming Soon?". Almost like a pending release of some new exciting software. I guess it's the whole "Coming Soon" that triggers the reaction. Gotta stop watching movie trailers I guess :)
E.
Never rub another man's rhubarb - The Joker
Steve Ballmer unleashed his worm to unsuspecting young ladies all over North America....
"WHO SAID SIT DOWN!?"
Actually Sino-US relations have been constantly improving going all the way back to Nixon. Carter also did a lot to further relations. There are also plenty of US businesses operating in China (some of which have been mentioned on Slashdot in the past).
The Sun is scheduled to rise in the east tomorrow morning...
WTF? Over?
"US computer security firm iDefense discovered the code being circulated from Chinese websites."
Chinese websites, as in from mainland China, or from Hong Kong?
If it is Hong Kong; then perhaps it is the same fellows that run the bootleg operations. Oddly, it doesn't seem that the new Chinese rule has done anything to stop this. I guess crimes against the US and other world nations and their computer systems don't count for as much as saying that thuggish tyrants shouldn't rule.
Mainland, on the other hand, would indicate something occurring directly under the purview of China, and their 'government'.
Neither is particularly surprising or unusual, but these kinds of folks usually get ignored for swapping copyrighted data and running illegal porn sites. I wonder if swapping viruses will put them on the criminal radar?
Anyone have any information on this particular factoid? It would be interesting to know if these are HK or Mainland.
Eh.
-Chompster
This isn't a redundant post; I just set my threshold to 6.
Either MS is stupid and hasn't put up the patch for win2k pro yet, or I got this ages ago.
I think it's another blatant attempt by the media to instill fear in the public about the notion of another huge worm attack on people's computers. I guess the BBC wants credit for the "We said it here first, people" catch phrase; then why not have the BBC post an article warning about "The countdown to the next Windows security hole has begun" (I'll start a pool to see who can correctly date when a new security hole is found), or the next version update of the Apache webserver long before anyone else can or does, or the oh so coveted hacked webpage that will be coming soon ("The countdown to the next hacked webpage has begun")? This reminds me of MSNBC's folly of accidentally posting the pre-made death articles of some high-profile celebrities and political figures.
1.Ride on the General Public's Fear
2.Feed the Fear
3.?
4.Profit!
It's a new mail-worm. I've gotten it delivered in both dumbass-execute-the-patch and mime-exploit flavors.
NAI has new defs that cover it now, and I assume all other others do too.
Let me make sure I understand. There's a front page article about a potential Microsoft worm that may be created using an eight day old security vulnerability, but no articles at all about the Sendmail vulnerability discovered today, or the SSH Vulnerability discovered yesterday? What am I missing?
Public use of any portable music system is a virtually guaranteed indicator of sociopathic tendencies. -- Zoso
Good to know.
I'm sure GWBush is desperately looking for an "evil nation" that can "bring it on".
But then I find US and China having any kind of hostility highly unlikely.
China exports so much to the US that they'd fall over backwards and cry if the US put on a trade embargo. No shots need to be fired.
In Soviet Russia, the television watches YOU!
Is there anyone here on /. (which includes 90% of the audience of such an article anyway, let's face it...) who didn't patch all Win PCs (if any ;oPPP) on the first notice of the exploit a week ago????
That's why we should have a new "+5 Sad" moderation.....
1. No sig. 2. ???? 3. Profit!!!
Thank you, Captain Obvious.
I wish I could Meta-Meta-Mod you then. Jokes like this are funny the first fifty times but get just as old as Microsoft worm stories. Funny mod should be reserved for something original that actually makes people laugh. I know I didn't even chuckle at his post just like I don't chuckle at the Soviet Russia posts.
I got the same thing, and my trendmail office scan caught it. So, watch out.
Very good point ! you have made it ! What this bastards think ? slashdot is an english learning site or what ?
"Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue." So we can save ourselves by downgrading to previous Windows versions? Or is this just a shameless plug? "However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions." Yup. It's a plug for newer, even more vulnerable software, alright.
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
Tra la la ...we're goin' 'round the good ole 'net.
hey guys looky there, a new network let's swamp it, I say
*swamp swamp swamp*
ha ha ha ha ha ho ho ho ho ho hee he he he what fun!
*happy singing*
here we go around the good ole net
good ole net
good old net
hi fellas, guess what I found! A nice clean M$ server
Yaaaay!!!
Here we go *infect infect infect*
Haa ha ha ha ho ho ho ho hee hee hee hee What fun!
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
After reading this article, I immediately checked WindowsUpdate... only to find I installed this already a few days ago. This is the positive side of the Auto-updater, being able to set it to tell you when there are new updates available.
I'd never set it to auto-update, and I sincerely hope it never gets forced upon me. But as long as the company I work for has a know-nothing IT guy and a reliance on windows-only software, I guess I'll have to live with patching my 2K install.
(Though don't tell my boss, I've got a Knoppix CD in my desk drawer and am currently exploring how feasible a switch to Linux on my work box might be!)
The longer I'm a member of the Human Race, the more I believe Apocalypse is a valid solution.
It's this:
http://www.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
There's a new worm out there that exploits a security hole still in Windows 2k/XP from when it was released.
It has the capability to shut down applications, goes right through anti-virus software (even the latest patches!!!), and gives total control of the victim computer to the creator of the worm.
An attempt by the powers that be to shut down its source of updates was thwarted by various government agencies and the worm itself.
Unfortunately there is no patch to get rid of the W32.MS.AutoUpdateRequired worm.
The patch is available here: http://www.microsoft.com/security/security_bulletins/ms03-039.asp
Patch those tea strainers now!!
-- Fuck Beta
..and why not? We have stories such as:
FreeBSD 5.x-alpha to be released for testing
FreeBSD 5.x-alpha released for testing
FreeBSD 5.x-alpha released
FreeBSD 5.x-beta to be released for testing
FreeBSD 5.x-beta released for testing
FreeBSD 5.x-beta released :)
et al
Trolling is a art,
I was just on my way to microsoft.com to get the patch, when I realized I was running Debian. :D
Nike and every other company that owns slaves... er a factory in China will prevent the US from going to war.
Well then I'm going to meta-meta-meta mod you! Ha! How do you like that!?
since you read slashdot, no, that worm probably hasn't been used enough to be infected by anything.
Hey guys, there's this REALLY COOL game already installed on MS-DOS:
It's called 'del *.*'
PASS IT ON!
Bill Gates has worms? :)
From the article:
He said new approaches using artificial intelligence to spot threats and improvements in the way that software is written are slowly helping to reduce the number of virus outbreaks.
Artificial Intelligence... like the kind Gates has? Maybe he should 'upgrade' to his own operating system.
I will defeat your meta-meta-meta mod with my pseudo-anti-meta mod.
NYER.
I think it's kind of ironic...on their page it goes through the products affected, NT, XP, etc.
And then they say Windows Me is not affected, nor is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I?
Just thought it was funny.
GeekWares - Buy and Download Today!
- The article is a somewhat general topic piece on worms in general.
Since General Wesley Clark has entered the general Democratic field for the next general election, it's been generally assumed that general technical issues like this one would be handled with somewhat general ease by applying the general security practices used by the general public, in general.
eWeek today posted that a different IE vulnerability (2 years old and fixed in IE6) is also circulating. They call it Swen or Gibe. Low impact (so far) but given the history of Windows users to patch ... worth watching
http://www.eweek.com/article2/0,3959,1273194,00.asp?kc=EWRSS02129TX1K0000531
This is not the original post I saw about this but I can't find the first one.
Best
Jeff
Yeah, like Walmart would ever survive without cheap T shirts and plastic crap from China. Forget about it.
Blast :)
Yeah, and they'd just send boatloads of people to the US and march across it in a giant yellow wave. US 0, China 1.
No shots fired.
http://www.k-otik.com/exploits/09.16.MS03-039-e
i'd post the code, but
A Chinese RESEARCH group did post an exploit for that particular vulnerability in their web site. Anyone can download it and the site is quite well known. There is no conspiracy or secret war going on.
iDefense is a firm known for their lack of expertise and that actually pays independent researchers (aka penniless ppl) a misery to get their hands on new vulnerabilities and exploit code - all fair until you realise that most of these payments are in the $50 region.
This reminds of the news of the asteroid and the craze around it crashing on earth - the scientists were not happy.
P.S. No. I'm not Chinese.
"...criminally unprepared..."
Do you mean as in someone who runs any Microsoft software?
Big Brother Bush is doubleplus ungood.
Start thinking of us that operate in the real world. Cocky statements like "We've had plenty of warning about this, so it's only the criminally unprepared that will be hit, right?" sound outright stupid. The patch was released last Wednesday. To coordinate business departments, users and technical staff along with testing requirements doesn't happen overnight. You do your best to patch as fast as possible and take steps to add a firewall layer but you have to deal with business requirements. Switching from Microsoft won't solve this problem either....OpenSSH anyone?
However, I don't mind Microsoft security problems, it keeps food on my table.
Strange women lying in ponds distributing swords is no basis for a system of government.
New ssh Exploit in the Wild
The problem seems to be that you're running late, not slashdot. The above stories were each posted the day before you claim that the vulnerabilities were discovered.
According to research at an English university, people never notice security updates until after the hole they patch has been exploited.
Brown, not yellow. Contrary to what L Fletcher Prouty tells you, they're Mexicans.
To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.
You're thinking software, not biology.
A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.
The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.
Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus?
Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
It's hard for thee to kick against the pricks.
I heard that winter is coming, the sun sets in the west, and water flows down hill.
I'm surprised we haven't seen worms doing more interesting tasks than coordinated DDOS attacks... Think what would happen if a worm spread some sort of simple P2P client to every machine it hit, and just initiated random downloads of mp3's from other worm-infested nodes (and maybe users could make a "suggested downloads list" through a config file somewhere). The RIAA would get dizzy trying to find a target to sue...
Just checked with Symantec...while the updated defs aren't available through LiveUpdate, they are available by downloading the Intelligent Updater. How smart of them...instead of sending out a couple hundred K, they force people to download 4 megs each until next Wednesday. It's their bandwidth, I suppose...
(I reran NAV after getting today's defs...it identified the file as containing Worm.Automat.AHB. SARC says nothing informative about it, but F-Secure says the following:
Another 5-10 copies arrived since my last post...busy little fscker, isn't it? Rabbits don't breed this rapidly.
20 January 2017: the End of an Error.
Starting? When was this article written 1993?
Well, the woman in the stock photo is using what looks like an Apple IIe display...
If you're referring to the latest RPC vulnerability, then here is the Knowledge Base Article that has everything you might want to know about the vulnerability, what systems it affects, including links to download the standalone patch.
Additionally, here is the Microsoft Technet Security Page where security bulletins, information, and all sorts of links get posted whenever a new Windows vulnerability is announced.
FWIW, I did scan through the articles, but apparently not very thoroughly.
Public use of any portable music system is a virtually guaranteed indicator of sociopathic tendencies. -- Zoso
Heh this is starting to sound like the kind of hype video games get.
;) Hehehe.
Kind of like, "New Microsoft game coming out soon!" but a lot more exciting. I can see it now. Entire sites dedicated to worm reviews, previews, demo downloads. Mmmm.
Has anyone started a betting pool for when this thing will be out? I bet it'll come out before Half-life 2. Don't know if it'll sell as many copies though.
- shazow
Is it too much to ask for an "editor" can spell?
Yes, and writing is beyond all comprehension.
Isn't this a reposted article? Wasn't there an article about a MS worm last week? And there one a week before and another the week before that week?
I also think the Windows Update site is broken.... every time I go, there's like 20 critical patches to install.... clearly my computer isn't being updated properly.
</sarcasm>
"There is no spoon." - The Matrix
I'd say you're missing good observational skills. (Or perhaps you just have decent troll skills, in which case IHBT.)
Wait, are you talking about the sendmail bug discussed on slashdot 2 days ago?
And with a ? too, as if we don't ALL know that of COURSE there will be another worm soon....it's friggin Microsoft, people...is most of today's news being posted by captain_obvious or what?!
Bloodhound.Exploit.1
Which according to Symantec is "likely to be a new worm or Trojan that makes use of the DCOM RPC vulnerability.".
I'm pretty sure it's a false positive as the machine is patched, firewalled, and the file was found in the offline file cache (I've seen a few false positives in that directory).
For a minute or two I thought the worm we are all expecting RSN had been released.
The funny part is that I confessed that I screwed up in another reply, and I still have people modding me up! Glad to see those moderator points going to good use.
Public use of any portable music system is a virtually guaranteed indicator of sociopathic tendencies. -- Zoso
Sure, just look at western Canada for an example. Something like 1 in 3 people in B.C. are Chinese.
Canada 0, China 1.
And in other news today, George Bush has deployed military units in China on the basis that China can deploy cyber-weapons of mass destruction within 45minutes.
He plans to attack at daybreak.
The Chinese information minister denies all statements of American troops in China.
-Rob
I'm sure all the Macintosh users were as frustrated as her.
>> I, for one, welcome our new worm Overlords.
:(
With that attitude, the movie Dune would have been a lot more boring.
Security hole discovered --> Patch released --> A little while later some spastic releases a worm to take advantage of other spastics who didn't patch.
"Go into the hall of mirrors and have a bloody hard look at yourself" - HG Nelson
Symantec is getting my money for Norton Internet Firewall 2004 and Norton AntiVirus 2004, a shame it doesn't ship until after October 1st.
I'd switch to Linux, but most of my marketable skills are with Microsoft technologies. So an updated Software Firewall and AntiVirus are going to be bought soon. Pick your favorite Firewall and AV programs and updated them if you run Windows. I pity those who don't.
Soon I'll try to buy a new system and put Red Hat 9.0 on my old one. Slowly I'll learn Linux Apps that do the same thing as Microsoft Apps. The Windows system will have software Firewall and AV programs on it. Slowly I'll move to WINE or buy a Commercial version of WINE and move what Windows apps don't have a Linux alternative to the Linux box.
Not sure if I can break the Windows habit, but I'll be a lot safer if I do.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
WRM?.... Windows Rights Management Client update?
Sounds dastardly to me.
All your metamoderations are belong to us!
A computer virus could wait several weeks before it nuked the hard drive.
If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.
Mea navis aericumbens anguillis abundat
Is there anyone here on /. (which includes 90% of the audience of such an article anyway, let's face it...) who didn't patch all Win PCs (if any ;oPPP) on the first notice of the exploit a week ago????
Wasn't the DoS version of the exploit published in July?
Using the search function is hard, isn't it?
Sendmail Vulnerability and SSH Exploit
And to think you actually got modded up...
The protocol itself is derived from the Open Software Foundation (OSF) RPC protocol, but with the addition of some Microsoft specific extensions. i.e. vulnerabilities
From Microsoft:
Note Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.
WTF? How this translates to me - "If your computer is immune from these new strains of virii you are strongly encouraged to make it vulnerable."
reading this article gave me an initial knee-jerk reaction of checking it out...
Read the next paragraph a-la Monty Python skit:
But all the clues pointed that in fact, there was no hole on my computer. The announcement on Microsoft site said the flaw had been disclosed on the 10th. The "support" bullet said: a patch will be made available within 24 hours... and my windows update didn't warn me of anything.
So I took out my handy "psinfo -h" and found the following atrocity:
A full 8 days ago.
For those who couldn't figure out the skit, it's the Ralph Melish skit where absolutely nothing happens.
I was referring to this one. Does your question mean that the answer to my question is No!!!!????;o))
1. No sig. 2. ???? 3. Profit!!!
Have patch, firewall, etc. here at my company.
In the last 2 hours, I have received five messages all noting that my "message was undeliverable" or similar wording.
No "attachment" (use Netscape 4.7x here at work for e-mail handling). But, a look at the source showed the payloads.
One was a ".bat" file, others were randomly named ".exe" files.
In analyzing the headers, most (three of five) appear to have originated from a "Comcast" server.
The time stamps on the messages ranged from 19:30 GMT to 16:30 GMT -4.
Something is spewing on the net.
Regards,
Fredrick
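The header triage described in the post above, done in code: this is an added example and not code from the poster. It reads a batch of bounce messages, takes the relay named in the bottom-most Received: header as the claimed origin, lists attachments with executable-looking extensions, and reports the time span. All hostnames, IP addresses, mail addresses and file names are constructed for the example.

```python
"""Triage a batch of suspicious bounce messages by claimed origin and payload.

Added example, not code from the post above. All hostnames, IPs, addresses
and file names below are invented sample data.
"""
import re
from collections import Counter
from email import message_from_string
from email.utils import parsedate_to_datetime

# Attachment extensions that a bounce notification has no business carrying.
SUSPECT_EXT = (".exe", ".bat", ".scr", ".pif", ".com")
RECEIVED_FROM = re.compile(r"from\s+([A-Za-z0-9.\-]+)")


def make_bounce(relay, ip, when, filename):
    """Build one constructed 'undeliverable' bounce as a raw RFC 2822 string."""
    return (
        "Received: from mx.example.net (mx.example.net [192.0.2.10]) "
        f"by mail.example.org; {when}\n"
        f"Received: from {relay} ([{ip}]) by mx.example.net; {when}\n"
        "From: postmaster@example.net\n"
        "Subject: Message undeliverable\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "Your message could not be delivered.\n"
        "--b1\n"
        f'Content-Type: application/octet-stream; name="{filename}"\n'
        f'Content-Disposition: attachment; filename="{filename}"\n'
        "\n"
        "TVqQAAMAAAAEAAAA\n"
        "--b1--\n"
    )


# Constructed sample batch: three bounces, two of them via the same relay.
SAMPLES = [
    make_bounce("relay1.isp-a.example", "198.51.100.5",
                "Wed, 17 Sep 2003 15:30:00 -0400", "qdhx.exe"),
    make_bounce("relay1.isp-a.example", "198.51.100.6",
                "Wed, 17 Sep 2003 16:10:00 -0400", "patch.bat"),
    make_bounce("relay2.isp-b.example", "203.0.113.9",
                "Wed, 17 Sep 2003 19:45:00 +0000", "ksjdf.exe"),
]


def claimed_origin(msg):
    """Return (host, datetime) from the bottom-most Received: header.

    Received: headers are prepended at each hop, so the last one is the
    earliest hop. Only the header added by your own server is trustworthy;
    anything below it could have been forged by the sender.
    """
    received = msg.get_all("Received") or []
    if not received:
        return "unknown", None
    first_hop = str(received[-1])
    m = RECEIVED_FROM.search(first_hop)
    host = m.group(1) if m else "unknown"
    stamp = None
    if ";" in first_hop:
        try:
            stamp = parsedate_to_datetime(first_hop.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            stamp = None
    return host, stamp


def suspect_attachments(msg):
    """Names of attached parts with an executable-looking extension."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(SUSPECT_EXT):
            names.append(name)
    return names


def summarize(raw_messages):
    """Aggregate a batch: count per claimed origin, list payloads, time span."""
    by_host = Counter()
    attachments = []
    stamps = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        host, stamp = claimed_origin(msg)
        by_host[host] += 1
        if stamp is not None:
            stamps.append(stamp)
        attachments.extend(suspect_attachments(msg))
    return {
        "by_host": dict(by_host),
        "attachments": attachments,
        "earliest": min(stamps) if stamps else None,
        "latest": max(stamps) if stamps else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLES).items():
        print(f"{key}: {value}")
```

The only hop you can vouch for is the one your own MX wrote; the origin this script reports is what the sender's side claimed, which is enough to spot a cluster from one ISP but not proof of where the worm actually runs.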
How is a closed source binary update, AT ALL comparable to a 1 page diff of two source files?
I can patch, rebuild, test, install, and then take down sshd for approximately 5 seconds while it restarts.
Quite the disruption of service.
N: But for the lack of any untoward circumstances for this young secretary to notice, and the total non-involvement of Mr. Gates in anything illegal, the full weight of the law would have ensured that Bill Gates would have ended up like all who challenge the fundamental laws of our society: in an iron coffin with spikes on the inside.
This is the same fucking story that's been going around since the bulletin was released 8 DAYS AGO!!! Why is this now news on /. ??
s/New/Yet another/
A lot it would seem...
"Ignorance more frequently begets confidence than does knowledge"
- Charles Darwin
Other way around, son. US business is so hopelessly dependent on cheap Chinese labour and just in time manufacturing that there'd be chaos if China was embargoed.
Gosh it's been ages since we were entertained by the last one(s).
Certainly the big question has to be, can this blockbuster even compare to previous ones? what does Ebert have to say in his review? Should I plan on waiting in line for this one, or is it a renter?
This is likely the Swen/Gibe.F worm. More info at news.com.
An interesting thing about this worm is that it hits a web counter on each infection! It's currently at 913,000 at 2:45 PDT (GMT-7).
Also, this exploits an OLD IE hole. This is not a new bug.. but I guess not many people are patched?
-molo
Using your sig line to advertise for friends is lame.
Ssh. Don't post those links! We spent a lot of time building the open source = secure argument for a long time, don't shoot it down now. They can't know. Come on, man!
Probably missing an update if you're waiting for slashdot to post about every update. (try security focus)
But, they did post about sendmail and openssh vulnerabilities. The greatest thing about those is that they aren't part of your base system, you can shut them off and operate fine. (or even replace them with alternatives, and vice versa)
-- This space for lease, low setup fee, inquire within!
http://www.microsoft.com/security/protect/
This has all the information you need to protect from the current worms and FUTURE ones.
I didn't, but then my win95 machine isn't on the internet anyway. Not even behind a firewall.
I think we've pushed this "anyone can grow up to be president" thing too far.
Do a lot of these patches require rebooting in order to be effective? I remember the days when MS machines, even servers, required a reboot to make major changes effective. Kinda kills your uptime, must kill any operation that depends on being up too.
Of course, this seems to be another RPC bug. I don't think most people use RPC, so turning off the RPC service - or at least setting it to manual instead of automatic - would at least keep you safe for awhile, correct?
Typical. Pre-announcing vaporware just to hurt competitors' sales.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
> So now there will be:
> A pre-worm article
> A current worm article
> And a post-worm article?
What we need is a self-propagating article.
Sheesh, evil *and* a jerk. -- Jade
I have written proof-of-exploit code! Here it is! Use this with extreme caution!
net send %computername% "You are screwed! Upgrade to Linux."
640YB ought to be enough for anybody.
but it has to be malware of some sort that just hasn't been cataloged yet.
That is how you protect today from tomorrow's malware.
Antivirus software is good at protecting from yesterday's malware.
Somehow I don't quite trust tomorrow's malware to be as kind as yesterday's.
He said new approaches using artificial intelligence to spot threats and improvements in the way that software is written are slowly helping to reduce the number of virus outbreaks.
1. The tools to scan source code for the most common buffer overrun problems have been in existence for at least 3 years (STFW - you'll find papers on them).
2. The tools also exist to keep buffer overflow problems that escape detection from being used to compromise systems (again, STFW).
3. After the last buffer overflow fiasco (MSBlaster), a similar buffer overflow problem was found, BUT NOT BY MICROSOFT. They couldn't be bothered to look for any more (see Microsoft's own security bulletin on this)! I assume this is the vulnerability the article is talking about hackers exploiting.
All these new tools are only effective if you have a desire and the will to use them. Microsoft obviously does not! I guess they have more important things to do like funding SCO's attack on Linux!
> Dammit! There I go thinking ZDNet would actually have breaking news. I really should know better. My bad. I withdraw my question and submit myself to the floggings to come forthwith.
Since you have a Slashdot account, we'll assume you'll be flogging yourself.
constantly improving
Over the long haul, yes.
But there were some points of tension when cruddy U.S. intelligence led to the mistaken bombing of the Chinese embassy in Belgrade, and when a U.S. spyplane flying off the coast made an emergency landing on a Chinese island.
Meanwhile, the government there is learning that it can divert attention from inconvenient issues (like corruption between the military and industry, lack of an open democratic process) by exploiting nationalistic sentiment (We vs They).
This is in the same grand tradition that is done in the United States and in Russia, so the rest of the world can feel safe knowing that all 3 of the largest nuclear superpowers are populated by emotional peasants.
"Provided by the management for your protection."
on the cutting edge of 1997. Hackers are distributing exploits across the Internet to take advantage of a highly publicized MS vulnerability? Who passed them this information, Homeland Security?
Use Linux on a Mac... far away from any silly virus. Too bad I have to work on Windows PCs all day, so I'll have to deal with ID=10T people that click "Cancel" when the Auto Update window comes up to patch their crappy OS. Just ranting.
If it can go wrong it wnetscape: Segmentation Fault, Core dumped
As much as the desire for morbid entertainment in me would like to see this cause some uproar for a week or two, I honestly don't think it will solve anything. Simple history.
Years before 2001/09/11, I heard a number of people say "it'll take some major act of terrorism/violent uprising/etc. to wake them up and change things." I'm sure many of you have heard the same. Well, it happened. It woke people up. And it changed things, too. The problem is those changes weren't good ones.
As others have posted, imagine for instance a worm that slightly altered documents, here and there. A small number, a misspelling, nothing that'd catch notice for awhile. Many places only keep a week or two of backups. Imagine knowing all the documentation you own might be compromised, and you had no recourse.
I can only imagine the laws that would get passed if such a worm got a foothold and wreaked its havoc. And that is not funny or entertaining.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
It's probably just vaporware.
That's "Mr. Soulless Automaton" to you, Bub.
Blaster at that router...
::COMMERCIAL BREAK::
Blaster at the firewall...
Blaster grappling with the firewall... there seems to be a misconfiguration somewhere... And *BAM*, Blaster slips right through to take an unpatched webserver... hate to be the admin for that box...
Blaster looking around for more targets... seems confused by the DMZ... looking... looking... and he's *IN THERE*... slips through a stale RPC connection to a developer box...
Making quick work of development...
over to Q&A...
back to management and sales...
And score! Laptops in sales. Those will be handy on Monday when they're at client sites...
Back to the webserver... saturating that connection... just punishing that connection. How much pain can this ISP take!?
This program brought to you by Microsoft. When you think Security, don't laugh, say "Trustworthy Computing" three times and tap your shoes together like *this*. And Norton Antivirus. We can't protect you, but at least you'll feel like you've done *something*.
-Hope
that the frustrated woman in the article is likely using an Apple IIgs?
Wow, if that apple IIgs can run WindowsXP, I shouldn't have given mine away!
Nutty stock photography.
"[T]he single essential element on which all discoveries will be dependent is human freedom." -- Barry Goldwater
Taquila!
Just checked windows update... it says it didn't find anything to fix... something wrong here? Keep in mind I haven't Updated for two weeks or so.
Hell, at least all the stuff hitting my spam filter isn't talking about "Your Application" anymore.... That sucked.
I write code.
*raises hand*
me. I never patch Win.
Nor would i let that crap connect to internet.
I'm a chainsmokin' alcoholic sociopath, so-ci-o-path
...is not spend your time ranting about how evil MS is or how bad or what not.
Spend your time and energy making sure everyone patches. This is so simple to beat. Just patch.
Got around 5 of these in the last hour. I am luckily on a Mac, so I'm not worried about the Virus, but I tried to mail a couple of the senders to tell them about their comps and their mail quotas were already full...
Talk about incentive to upgrade!
-r
Don't erase drives or delete files or anything else. Corrupt the data in small ways. You could also alter Access database files. Changing a few numbers or letters. Make it so people will no longer be able to trust the data. If done correctly, people will lose days or weeks of work because the infection wasn't noticed.
So far, no virus has really gone after the data. They've deleted files but those are easy to recover from backup. They've crashed machines, but that just makes a bit of work for the techs to get to your machine with the anti-virus disk.
Always put HR departments in the DMZ. We used to screen applicants into the "Possible" and "Sent us a virus" piles. IT Manager applications tended to end up in the "Virus" pile until some SOB faxed his in. Sadly, that's the guy they hired. At another gig, where HR really was in the DMZ, we didn't care that she'd gotten a virus, we just watched the running totals of how many. Dozens a week during the dotcom boom.
Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
Interesting...I received a similar email, except it's from a MindSpring dialup customer (or so the Received: line says), then it passed through an Earthlink server (this one must be correct because it's the one my ISP's mail server put on). The content-type says audio/x-wav, but the file is really an exe--both by the extension and the data header.
I assumed this was an old virus. You think it's new?
If M$ w1Nd0ws was like my cat, all i would have to do is go to the vet, get some wormer, wrap it in some bacon and poof-->worms would be gone. Mmmmmmm....bacon....(drools)
Eat a Chicken, You know you want to.
Looking at the title, I think to myself that asking that question is kind of like asking if a new sunrise is coming soon.
wbs.
Huh?
That exploit was written closely based on my papers at http://www.immunitysec.com/papers/
Dave Aitel
Immunity, Inc.
dude, you're soooo out of times.
it's already at least 3*3+dupes(that the paying customers can get to report hopefully in time, which reminds me 1. don't subscribe 2. don't see dupes 3. profit!!(?)).
besides.. where do you except karmawhores could get easy copy'n'paste karma if there weren't any dupeish articles?? invent them themselfs??? NO NEVER
world was created 5 seconds before this post as it is.
Did you notice this in the page: 'Note: Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.'
:-)
Without upgrading you won't get the latest worm.
pity
I've already been getting emails for 3 days with crap from 'Microsoft' and people sending me the patches in .exe form... like I'd trust that.
:P.
But thankfully, I run FreeBSD and don't have to deal with that crap. Just the email overflow
www.sitetronics.com/wordpress
Anyone else notice that the computer in the clipart that the BBC used is an old Apple computer? "Um, oops?"
[insert witty comment here]
I'm too lazy to compose a creative sig.
if your security (such as it is) comes from obscurity, and you then give up the obscurity, where does that leave you?
With soiled drawers.
Seriously - Windows should be withdrawn from DOD consideration. For anything.
NAI? What a lovely acronym.
In Japanese, "nai" means roughly "there is not", as in "protection ga nai."
Or, I suppose "virus ga nai" kedo sore wa okashiku nai.
I'm still using my ISP's mailbox (I'm concerned about losing e-mail while doing hardware updates) but I may reconsider if this keeps up.
Here are some filter rules that catch pretty much the entire new wave of crap:
From: contains "Microsoft"
Body contains "Cumulative Patch"
Body contains "Undeliverable to"
Body contains "Undeliverable mail to"
Body contains "Undeliverable message to"
Body contains "Undelivered to"
Body contains "Undelivered mail to"
Body contains "Undelivered message to"
I woke up this morning (JST) to a couple dozen of these in my mailbox. I added a filter line for any messages containing a "Content-ID:" line, which seems to catch them (and as an added bonus ought to take out most other viruses too). Does anyone know of any mail clients that add Content-ID headers on legitimate attachments?
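The rules listed above, applied to raw messages in Python, as an added example rather than the poster's own filter: the From and body substrings are the poster's, the Content-ID check is the poster's later addition, and the four sample messages (a Swen-style fake Microsoft patch mail, a fake bounce, a legitimate HTML mail with an inline image, and an ordinary note) are constructed here. The inline-image sample answers the poster's question: any mailer that sends HTML with embedded images references them by cid: and therefore puts a Content-ID header on the image part, so that rule catches legitimate mail too.

```python
import email
from email import policy

# The poster's rules, transcribed: substrings matched case-insensitively.
FROM_MARKERS = ("microsoft",)
BODY_MARKERS = (
    "cumulative patch",
    "undeliverable to",
    "undeliverable mail to",
    "undeliverable message to",
    "undelivered to",
    "undelivered mail to",
    "undelivered message to",
)


def _text_parts(msg):
    """Decoded text of every text/* part, so multipart bodies are searched too."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                yield part.get_content()
            except (LookupError, UnicodeDecodeError):
                continue  # unknown charset: skip the part rather than crash the filter


def classify(raw: bytes):
    """Names of the rules that fire on a raw RFC 822 message; empty list means deliver."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    sender = str(msg.get("From", "")).lower()
    if any(marker in sender for marker in FROM_MARKERS):
        hits.append("from:microsoft")
    body = "\n".join(_text_parts(msg)).lower()
    hits.extend("body:" + marker for marker in BODY_MARKERS if marker in body)
    # Poster's extra rule: anything carrying a Content-ID header on any MIME part.
    if any(part.get("Content-ID") is not None for part in msg.walk()):
        hits.append("header:content-id")
    return hits


# Constructed samples (addresses and text invented for this example).
SAMPLE_WORM = b"""From: "Microsoft Corporation Security Center" <security@microsoft.com>
To: victim@example.net
Subject: Latest Net Security Pack
Content-Type: text/plain

Microsoft Customer, this is the latest Cumulative Patch update.
Install the attachment immediately.
"""

SAMPLE_BOUNCE = b"""From: MAILER-DAEMON@example.org
To: victim@example.net
Subject: Returned mail
Content-Type: text/plain

Undeliverable mail to user@example.org
"""

SAMPLE_INLINE = b"""From: alice@example.com
To: bob@example.com
Subject: new logo
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<p>Here is the logo: <img src="cid:logo1"></p>
--b1
Content-Type: image/png
Content-ID: <logo1>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

SAMPLE_OK = b"""From: bob@example.com
To: alice@example.com
Subject: lunch?
Content-Type: text/plain

Pizza at noon?
"""

if __name__ == "__main__":
    for name, raw in (("worm", SAMPLE_WORM), ("bounce", SAMPLE_BOUNCE),
                      ("inline", SAMPLE_INLINE), ("ok", SAMPLE_OK)):
        print(name, classify(raw))
```

The false positive on SAMPLE_INLINE is the price of the Content-ID rule; the From and body rules alone leave that message untouched, so a filter that only files Content-ID hits into a review folder rather than /dev/null keeps the legitimate mail recoverable.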
Pay attention so that you don't important words out of a sentence!
I think what he meant was - why is there a worm due for Microsoft Windows because of a recent exploit, but there isn't one due to Linux despite 2 recent exploits?....
I.O.U One Sig.
We released the patch on our network and as of last checking had applied the patch to over 29000 workstations
I went to go update our machines today, and I used the scan tool that somebody found and linked to in this discussion. Found a machine that was infected with Welchia, which is related to Blaster. We thought we had gone through all of the machines, but there was one on the rack that we missed. Oops. It's fixed and patched now.
I just hope Slashdot isn't ignoring the Linux patches that need to be done for fear it'd make a negative impression on those interested in switching to Linux. We've got a few Linux machines and a reminder that they need to be kept up to date is invaluable.
"Derp de derp."
The article is a somewhat general topic piece on worms in general.
Then why is the headline "New Microsoft Worm Coming Soon?"
Wait, we all know why.
"Sufferin' succotash."
Can't wait for the trailer to this movie.
Better than any Freddy vs Jason movie.
Yeah, and it's a right bugger at 300k/message. Over a 600k cable modem it's annoying, but imagine the pain when people on dialups find 100 in their inbox.
No Nigerian scam messages for me, but I did get a South African one. SpamAssassin doesn't recognise them, but does flag MICROSOFT_EXECUTABLE. Shame KMail doesn't allow delete from server on its filters.
New Microsoft Worm Coming Soon?
Yes. I am looking forward to greeting my new worm overlords and/or can you imagine a cluster of worms and/or In Soviet Russia, the new Microsoft Worm welcomes you!
Whew!
I want to note that all NT-based Windows versions, at least since 4.0, are vulnerable. This means this hole was sleeping for years; it could have existed since late 1995 or earlier, if it wasn't introduced into NT4 in a SP. This means, also, that people had a giant security issue for seven years, waiting for somebody to exploit it. I'm not sure how open source software can be affected in similar ways (anybody remember any case out there?), but I feel better thinking that open source allows a faster cycle for bug and vulnerability depuration.
Got Pike?
I just received two emails supposedly from Microsoft, with patch52.exe as an attachment. The HTML email was designed like a Microsoft support web page, but poorly. I deleted the two suspicious emails. I should have kept them for historical reference.
Luckily for me I was running Mozilla Mail, not Outlook. If I were, the attached executable would have been run and voila!! I hope people won't fall for those 2 emails. Who am I kidding..
Well back to code.
assert(expired(knowledge)); core dump
~ Saying the sun will rise in the morning. Stunning, isn't it?
Fools ignore complexity; pragmatists suffer it; experts avoid it; geniuses remove it. ~A. Perlis
oh, wait this is cracker software, not MS...guess we'll be seeing it real-soon-now! But is it Open Source...Should /. boycott this product?
Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.
I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get a idea of what is possibly coming.
Warhol Worms
Curious Yellow
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
I've thought about embedding code demos in my resume before when scouting for contracts (going full screen 3D or something when they opened it), but figured if the person who opened it was actually a competent programmer s/he'd just be annoyed. Aside from that, can't think of a single reason not to ask for resumes in .rtf, .PDF, or *something* without executable code in it.
You're right though - any company that executes random .doc files on the inside of their firewalls when the source is a total unknown is insane.
I just love how the caption of the picture is "The MSBlast worm hit some users hard", yet the computer in the picture is an Apple IIgs. I had no idea how far reaching this worm was...
Over the course of maybe two hours, I received 169 of them here. I figured out how to extract the first IP address from the last Received: header line (between this and some other stuff, I've learned a lot about sed and regular expressions lately), so I can say that 76 infected hosts were responsible for those messages. What I'd now like to know is if anybody knows of a way to filter mail from these addresses within qmail. Setting up a local blackhole list and using rbldns to use it won't work, since many of these messages are going through an ISP's outbound relay before they're passed on to my server. The IP address I want to filter only shows up in the header, so it's a case where you'd need to start receiving the message but cut it off if any expression from a list is matched. This would reduce bandwidth usage (169 copies of this damn virus equals 25 MB), if it's possible.
(I could set up procmail to send these messages to /dev/null, but that means they're still being received in their entirety. Something that cuts off the remote host as the message is being received is what's wanted.)
Finally, to whom at Microsoft do I send the bill for the wasted bandwidth that their software is costing me? While it is true that they patched it long ago, a strong case could be made that the hole shouldn't have been in publicly-released software in the first place.
20 January 2017: the End of an Error.
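The poster's sed pipeline is not shown, so here is the same extraction in Python, as an added example rather than the poster's script: take the last Received: header (the hop closest to the sender, which is where the ISP's outbound relay recorded the dialup address), pull the first IPv4 literal out of it, count unique originating hosts across a batch of messages, and decide whether to refuse a message whose origin is on a blocklist. The three messages, the relay and host names, and the addresses in them (TEST-NET ranges) are constructed for the example.

```python
import email
import ipaddress
import re
from collections import Counter
from email import policy

# An IPv4 literal, optionally in the square brackets MTAs use in Received: lines.
IPV4_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def originating_ip(raw: bytes):
    """First valid IPv4 literal in the *last* Received: header, or None.

    Received: headers are prepended as a message travels, so the last one is
    the earliest hop: the line the sender's ISP relay wrote when it accepted
    the message from the (infected) dialup host.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    received = msg.get_all("Received") or []
    if not received:
        return None
    for m in IPV4_RE.finditer(str(received[-1])):
        try:
            return str(ipaddress.ip_address(m.group(1)))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
    return None


def count_senders(messages):
    """Map originating IP -> number of copies received from it."""
    counts = Counter()
    for raw in messages:
        ip = originating_ip(raw)
        if ip is not None:
            counts[ip] += 1
    return counts


def should_reject(raw: bytes, blocklist):
    """Queue-hook decision: refuse the message if its origin is on the list."""
    ip = originating_ip(raw)
    return ip is not None and ip in blocklist


# Constructed sample messages: two copies from one dialup host, one from another,
# all relayed through the same (invented) ISP relay to the (invented) local MTA.
MSG_A = b"""Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mail.example.net (qmail) with SMTP; Thu, 18 Sep 2003 10:00:00 +0000
Received: from win98box (dialup-203-0-113-45.isp.example [203.0.113.45])
\tby relay.isp.example (8.12.9/8.12.9) with SMTP id h8IA0001; Thu, 18 Sep 2003 09:59:58 +0000
From: "Microsoft Corporation Network Security Center" <support@ms-update.example>
To: someone@example.net
Subject: Last Pack

Install this critical patch.
"""

MSG_B = b"""Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mail.example.net (qmail) with SMTP; Thu, 18 Sep 2003 10:05:00 +0000
Received: from xpbox (dialup-192-0-2-17.isp.example [192.0.2.17])
\tby relay.isp.example (8.12.9/8.12.9) with SMTP id h8IA0002; Thu, 18 Sep 2003 10:04:58 +0000
From: "MS Technical Support" <support@ms-update.example>
To: someone@example.net
Subject: Returned Mail

Undeliverable message to someone@example.net
"""

MSG_C = b"""Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mail.example.net (qmail) with SMTP; Thu, 18 Sep 2003 10:09:00 +0000
Received: from win98box (dialup-203-0-113-45.isp.example [203.0.113.45])
\tby relay.isp.example (8.12.9/8.12.9) with SMTP id h8IA0003; Thu, 18 Sep 2003 10:08:58 +0000
From: "Microsoft Corporation Network Security Center" <support@ms-update.example>
To: someone@example.net
Subject: Last Pack

Install this critical patch.
"""

SAMPLES = [MSG_A, MSG_B, MSG_C]

if __name__ == "__main__":
    print(count_senders(SAMPLES))
    print(should_reject(MSG_A, {"203.0.113.45"}), should_reject(MSG_B, {"203.0.113.45"}))
```

Two caveats a practitioner would want. Only the topmost Received: line (the one your own MTA wrote) is under your control; every line below it came from someone else's relay and can be forged by the sender, so a blocklist keyed on it is best-effort. And the originating address only becomes visible after DATA, which is why the poster's rbldns idea cannot work and why a decision like should_reject has to run from a queue hook (the qmailqueue approach a later post mentions) rather than at connect time; the bandwidth saving is real but limited to dropping the message before it is stored, not before it is transmitted.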
I wish articles like this one would stop referring to virii makers as "malicious hackers". I guess the sheep are too confused as it is, might as well not add fuel to the fire
Those who trade in their freedom for security, deserve neither.
I rarely get worms - I had no lovebug and only one sircam (a spanish one). I've had 12 in the last couple of hours though.
As for where to send the bill, you could argue to send it to Microsoft (if Ford released a car that suddenly exploded you'd sue them, wouldn't you?), or you could argue you sue the people that got infected. Of course, if they have the right to send you an email you can't really sue them.
It's tricky.
It's entertaining to watch news sites run around about possible outbreaks of viruses. It's akin to the stories of asteroids "Oh my GOD!!! AN ASTEROID IS GOING TO KILL US ALL IN 2011", same as OH MY GOD!!! A VIRUS IS GOING TO DELETE ALL MY PORN, FINANCIAL RECORDS, MUSIC, VIDEO, AND WRITING IN A FEW MONTHS!!!"
1 hacker got angry and made a virus that infected users' machines, for fucks sake, it didn't even delete anything, it just showed people they were insecure and now the media is trying to stir up paranoia. Ignore this bullshit and secure your boxes, and for those of you who have too much time on your hands, help those too stupid to help themselves?
Candy-Coated Knowledge
Let's see. Where I work, I get to see about six M$ infested computers a day coming in for wipe and reload. As many of these people are using XP with "patches" and all that, I'm under the impression that all of the M$ band-aids are perfectly useless workarounds for intentionally flawed OS design. These people lose all of their stuff, email, photos, settings, everything that makes computers useful, and $75. I'd like to write a post for every one of those people that Microsoft lets down, but I'll settle for one or two a day.
Friends don't help friends install M$ junk.
You have to wonder how many security flaws they introduced with their supposed "patches".
An objective person looking at the list would simply conclude that Microsoft has always been and will always be garbage. The fact that all M$ OS have flaws should not make people want to buy the next one.
Three. One major education institution here (of which IT composes a large part) had their entire network compromised. The professor (head of the IT Department) was on the radio waffling on about how bad it was but failed to answer why they had not applied patches until six weeks after the MS announcement. Of course, they applied the patches after the outbreak in the Uni. when the panic hit. WTF are they teaching there?
2. The current announcement from MS was on the 10th of Sept. The BBC article appeared 8 days later (wow, they're on the ball!) and has FUD written all over it. You can just hear the Editor; "Quick! Microsoft announced a vulnerability over a week ago". "Get someone to write something". "People soak up this shit!" 3. I am not a huge fan of MS but, while their security doesn't seem to have improved, their notifications/patches have improved, immensely. So good on em!
Wherever I go, there I am
..."don't just tell us about the worm, patch the son of a bitch!"
"Why Subscribe?" Good question...
I wish I could Meta-Meta-Mod you then. Jokes like this are funny the first fifty times but get just as old as Microsoft worm stories. Funny mod should be reserved for something original that actually makes people laugh. I know I didn't even chuckle at his post just like I don't chuckle at the Soviet Russia posts.
In Soviet Funny, jokes chuckle you!
I was just thinking... I bet Microsoft is getting people to write these worms that exploit these security holes in Windows a week after the patch is available... It helps dispel the "myth" that Windows is insecure and all that, and nicely places the blame on the sysadmins... "You didn't patch??? Too bad..." You know what I mean? "It's not Microsoft's fault; they had a patch out a week ago." Brilliant. Microsoft++
Just tonight I got an e-mail that was not caught by the antivirus programs. An e-mail that said, "Newest Network Update" and masqueraded as coming from Microsoft and urged users to apply a patch. A quick update of my AV identified the virus as "automat.AHB" but other virus programs are not catching this yet.
> But there were some points of tension when the U.S. cruddy intelligence led to the mistaken bombing of the Chinese embassy in Belgrade,
s/mistaken/purportedly mistaken/
> Meanwhile, the government there is learning that it can divert attention from inconvenient issues (like corruption between the military and industry, lack of an open democratic process) by exploiting nationalistic sentiment (We vs They).
Where is "there"?
the inscrutable Chinese still revere Lao Tzu, their greatest general. One of his tenets is for an army's force to flow like water, towards least resistance. What possible icon of Western Capitalism can provide less resistance to cyber attacks than Microsoft? Especially when Microsoft gives them "the keys to the city" in the form of their source code?
Microsoft is always promising a delivery. Next virus in 30 days.. we'll see. Probably will be late AGAIN!! Granted, they seem to be doing better, but COME ON guys!!
Don't even get me talking about Linux viruses.
weren't you taught not to use double negatives in a sentence, like "Microsoft" and "security"?
Okay, okay, that might also be considered an oxymoron!
hey, you didn't really expect to get a ... perfect software product, did you?
nobody's perfect, even borg bill
so, quit your complaining and start D/Ling the very steamy freshest pile of promised security patches from Sweet Old Bill. just don't read the new and improved EULA quite too carefully
I received two emails from Microsoft in rapid ... succession, as well. WTF, I stopped using these vulnerable MS apps years ago. And MS wants me to chain my computer to their network for hours on dialup so I can "now be secure". I wrote these clowns a "Dear John" letter, instead. Fuck 'em if they can't take the joke that is "Microsoft security"
I hacked together a couple of shell scripts that work with qmail (with the qmailqueue patch) to check the originating IP of incoming email against a list of infected IPs. Mail from a listed IP is bounced; the rest is let through. If anyone's interested, it's at http://alfter.us/files/qmail-ipblock-0.1.tar.gz.
That's exactly why the US government won't get involved in the Free Tibet movement.
Have you tried Linux yet?
So, was it perjury or treason? You decide.
Either way it's not a set of ethics that would induce me to resume business with them ... ever.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
The next version of Windows will prevent this sort of thing ever happening. Microsoft have found an ingenious new solution. When you try to connect to the network the following message will appear: "Connecting to the network may allow a worm, or virus to exploit one of the many security holes in Windows? Are you sure you want to connect to the Network? " "Yes" "No" This scheme is similar to the one in Outlook when you try to open a mail attachment and has proven very effective, as long as the user doesn't press "Yes".
If a new version of Blaster had been released immediately, it might have caused problems, but it's been too long to do major damage now, at least to business. I'm sure most got their hotfix updates up to scratch when Blaster hit.
It is odd that there hasn't already been a new strain out though... with it being such a similar flaw. Evidently the Blaster author has had his/her fun already?
Because you don't have a choice ?
I am the musician
with a pocket calculator in my hand
Kraftwerk
I didn't know MS was specifically releasing worms now.
Here's a quick and dirty procmail filter to get rid of the spam.
:0 D:
* SUBJECT:.*
/dev/null
You might want to specify a mail folder instead of '/dev/null'.
what the crapping hell does this article add to the sum of knowledge on this topic - its not even an interesting read!!! come on taco get it together.
I for one welcome our new annelid overlords
New MS worm coming soon?
Read tomorrow's /. for our exclusive discovery that the sun rises in the morning, and disappears in the evening.
Sheesh! When will they ever learn? If you want security, don't use M$ products.
I just figured out a way to use the words security and M$ in the same sentence and still be correct.
Go me!
Yup, that took out my hotmail account last night. Microsoft includes received viruses/spam in your total, so it bounced any legitimate messages I might have got last night.
AP WIRE(less), 18-Sep-03. Microsoft Corporation president Steve 'Balmy' Ballmer announced today the formation of a new subdivision of the company which will specialize in the production and marketing of exploits for the Windows operating system.
"All we're doing is catering to existing demand" Ballmer said during a press conference. "People want this stuff as much as they want Windows, and we're the best choice to make the exploits available. After all, we know better than anyone how many bugs are in our own code..."
The first official release of the Windows Exploit Advantage Kit, or WEAK, is scheduled to take place on December 42nd. When questioned about the date, Mr. Ballmer had this to say; "It's our way of honoring the late Douglas Adams. Even if that weren't enough, it turns out that the number of bugs in Windows, divided by half the number of years before our sun goes nova, equals exactly 42. What could be more appropriate for a release date...?"
Bruce Lane, KC7GR,
Blue Feather Technologies
that's currently swamping my inbox at a rate of well over 1000 msgs/day, or equivalently 15 Megabytes/day of mail, what on earth would anybody have to wait for a *new* worm for? This old-fashioned one's pretty much scary enough already.
HR departments require Word format because HR is usually the least competent department in the entire organization, full of petty personalities who got their start doing filing and typing.
Where I've worked, the "good" HR people were usually the spouses of high powered executives, graduates of spendy liberal arts colleges with no specific skills other than good manners and better social connections for whom HR was a hobby occupation between marriage and full-time parenting. Technical skills weren't on the menu.
"Bad" HR people are petty bureaucrats, veterans of central filing who misbelieve they wield some power over employees and try to exercise it over entry-level job candidates.
Occasionally there's an HR person who has the brains and aptitude to understand the complexities of the health plan and enough personality and effectiveness to be worthwhile.
The real career zealots become the contemporary version of slave auctioneers, pimping the unemployed and unemployable in temporary companies on commission.
When I hired a PFA, I sent a stack of resumes of potential candidates to HR, and as often as not the ones rejected by HR in the initial screening phone interview had resumes at least as good as the ones I was allowed to interview and consider hiring. The HR rejections were explained to me only in terms of personality and "cultural fit", never in terms of job experience, skills or knowledge. They may have been right some of the time, but I think it would have been better to have the personality screening done AFTER I filtered them in person based on my skills and experience based interviews.
... or perhaps multiple things going around. I've received at least 100 emails in the last 12 hours that got past spamassassin.
One program appears to be a 140K executable disguised as a Microsoft update. This one is Swen (aka Gibe.F):
http://www.securityfocus.com/archive/1/338121/2003-09-16/2003-09-22/0bef.html
http://www.f-secure.com/v-descs/swen.shtml
http://news.com.com/2100-7349_3-5078696.html
http://www.us.sophos.com/virusinfo/analyses/w32gi
http://www.topnic.com/virus_warnings.shtml
The other appears to be much smaller at about 0.1K and shows up as mail returned to sender. I have not been able to find any information on this one.
Both appear to use "SUBJECT:" instead of "Subject:", so they should be easy to filter with nothing more than procmail.
Not necessarily new, but I have not received "any" such e-mails in weeks.
And, this morning's count was 69 like messages.
However, some of the headers and setup was more inventive, some with attachments (from "Microsoft") and most not.
Subjects: "Advice", "Returned", "Message Undeliverable", "Error" and similar, even some blank subjects.
Our CIO is on it, and we have standard procedures to immediately "Trash" such and then empty the "Trash" folder.
No analysis of the ".bat" or ".exe" files was done with my anti-virus software, due to having deleted them. So, not exactly sure if this is a "new" worm or just an old one where some previously infected systems got back on the net, or something similar.
Regards,
Fredrick
Not sure what you mean by "zero-day".
Is that the day the source containing the vulnerability is checked in to CVS? In that case, the vulnerability has probably not been deployed to the field yet.
Or, is that the day that somebody discovers the vulnerability, which has presumably been in place and deployed for some time. In that case, how is that different from the zero-day when somebody discovers a Windows vulnerability?
John.
I got about 200 spam messages since last night, most carry the same ~140K EXE attach, identified by norton as "Worm.Automat.AHB"
With that attitude, the movie Dune would have been a lot more boring. :(
MORE boring? Did you see the original movie? How could it have been more boring?
I did like the books though, and the SciFi channel miniseries...
Erm... wait... no, I got nothing.
paintball
> the rest of the world can feel safe knowing that all 3 of the largest nuclear superpowers are populated by emotional peasants.
And I can feel safe knowing Slashdot is populated by sensationalist dorks. Are you a dork? Probably not, so don't call me an emotional peasant. It might be okay to say it is run by emotional peasants, but I can't say anything surely about anyone except for myself (and cowboyneal, of course).
Why in the world would you want to use both?
If I were designing a virus I would attach it to some critical connection bound to port 80 via scripting flaws in explorer or office.
IMHO, one or the other might save you but not both. I respect Zone Alarm, it is what I use. However, a smart virus writer can figure a payload with ZA in mind.
I would suggest monitoring your system with some other tools if you are really worried. I offer simply activating the network traffic monitor. (Or watching your DSL Tx/Rx light.) These simple tools have allowed me to catch Microsoft in a number of interesting things.
My $.02
Way too late for the people that don't patch their machines daily. I feel for those mission critical people. I really do. I feel jerked around as a mere consumer, I cannot imagine how the people at the hospitals or the DOD feel when this stuff hits.
There are also plenty of US businesses operating in China
Yes, many of them employing Chinese citizens to do jobs that used to be performed by American citizens on American soil. Many of my friends were "displaced" in exactly this manner, within two years of having been assured by our employer that none of our jobs would be moved overseas. In fact, the entire manufacturing operation was moved to mainland China within the final six months of that two-year period. Only the engineering, R&D, sales and upper management remained in the US.
"A generation which ignores history has no past and no future." -- Robert Heinlein
"Try to find a US Flag that doesn't say Made in China."
Well, at least they won't run out of flags to burn.
"The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates,