Slashdot Mirror


New Microsoft Worm Coming Soon?

Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.

27 of 497 comments

  1. The thing is... by Meat+Blaster · · Score: 3, Insightful
    We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right?

    No excuse on this one. It's not like Blaster happened eons ago, and this is virtually the same type of flaw. Patch your systems.

    1. Re:The thing is... by Anonymous Coward · · Score: 0, Insightful

      Great, except have you actually stopped to READ the eula? I have no intention of agreeing to that draconian shit, so unpatched my system shall remain until either Microsoft gives the patches away for free or some third party writes a patch that I can trust. Until then, I'm sorry if my computer gets hit and then hits someone else, but I'm also on a dialup at home that is only turned on once in a blue moon, so it's not exactly a big threat to the internet anyway. I think it's a crock of shit that patches to Windoze require you to agree to things that you didn't when you originally bought the operating system. Make it the same as a car recall, where the responsibility and liability falls squarely on Microsoft to fix a defective product at their expense, not ours.

    2. Re:The thing is... by whereiswaldo · · Score: 3, Insightful


      * Someone mod this guy up - it's no troll.

      I think it's a crock of shit that patches to Windoze require you to agree to things that you didn't when you originally bought the operating system. Make it the same as a car recall, where the responsibility and liability falls squarely on Microsoft to fix a defective product at their expense, not ours.

      What you're saying makes complete sense. The fact that it is legal for Microsoft to change the agreement they have with the end user just because the user is trying to keep their system up to date is outrageous.

      I believe a number of the security flaws (including Blaster) can be averted by using firewall software to block all ports except those you need (e.g. the RPC port).

      I love it that all the Linux boxes I take care of haven't had a lick of problem since they've been set up. Blaster came and went and they didn't need any updates or reboots. Just glorious.

  2. Great by Anonymous Coward · · Score: 3, Insightful

    So more companies like Air Canada can get hit and blame it on the worm makers, yet never blame it on their stupid IT department that had three weeks to patch the system and never did.

    1. Re:Great by El · · Score: 2, Insightful
      And despite the fact that kevlar vests have been out for years, people are still being killed or injured by being shot in the chest, and they still blame it on the shooters! Amazing!


      Maybe, just maybe, the IT department was too busy resetting passwords every time a user forgot their password to patch thousands of systems? Or perhaps their managers refused to pay for the overtime that would be required because they believed the M$ party line that their systems were now "Trustworthy Computing" secure?

      --

      "Freedom means freedom for everybody" -- Dick Cheney

    2. Re:Great by Dr+Caleb · · Score: 1, Insightful
      blame it on their stupid IT department

      What a line of bullshit this is. Air Canada is in bankruptcy. I imagine cuts to IT are pretty deep.

      You ever try patching 5,000 workstations? You ever try patching a workstation where the user never *ever* logs off except for power failures?

      Don't give us this '3 weeks to patch it' BS, until you've been in the real world.

      And don't reply unless you log in...

      --
      "History doesn't repeat itself, but it does rhyme." Mark Twain
  3. Re:OT: Unofficial Hostility in "Cyber Space" by Anonymous Coward · · Score: 3, Insightful

    Actually Sino-US relations have been constantly improving going all the way back to Nixon. Carter also did a lot to further relations. There are also plenty of US businesses operating in China (some of which have been mentioned on Slashdot in the past).

  4. the media... by Anonymous Coward · · Score: 2, Insightful

    I think it's another blatant attempt by the media to instill fear in the public about the notion of another huge worm attack on people's computers. I guess the BBC wants credit for the "We said it here first people" catch phrase, then why not have the BBC post an article warning about "The countdown to the next Windows security hole has begun" (I'll start a pool to see who correctly dates when a new security hole is found), or the next version update of the Apache webserver long before anyone else can or does, or the oh so coveted hacked webpage that will be coming soon ("The countdown to the next hacked webpage has begun"). This reminds me of MSNBC's folly of accidentally posting the pre-made death articles of some high-profile celebrities and political figures.

    1. Ride on the General Public's Fear
    2. Feed the Fear
    3. ?
    4. Profit!

  5. MS Security bulletin? What about... by Slightly+Askew · · Score: 1, Insightful

    Let me make sure I understand. There's a front page article about a potential Microsoft worm that may be created using an eight day old security vulnerability, but no articles at all about the Sendmail vulnerability discovered today, or the SSH Vulnerability discovered yesterday? What am I missing?

    --
    Public use of any portable music system is a virtually guaranteed indicator of sociopathic tendencies. -- Zoso
  6. Re:The Amazing Flying Hackers of China! by caluml · · Score: 5, Insightful
    To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

    Mod me down, troll/flamebait, I know.
    However, mod me up if you feel that this might make people start patching their systems.

  7. Re:The Amazing Flying Hackers of China! by IM6100 · · Score: 5, Insightful

    A worm/virus that trashes its host doesn't do a good job of propagating. These sorts of programs can do so at a 'time bomb' setpoint, if the designer feels the virus/worm will have propagated widely by that time, of course.

    --
    A Good Intro to NetBS
  8. Re:OT: Unofficial Hostility in "Cyber Space" by homer_ca · · Score: 2, Insightful

    Yeah, like Walmart would ever survive without cheap T shirts and plastic crap from China. Forget about it.

  9. Mod the college student down... by toupsie · · Score: 5, Insightful
    Well, if the only thing you are doing is running AIM, IE and Kazaa, I would agree. However if you work in an environment with mission critical apps that cannot fail, you can't just simply "patch your systems". You must test, test and retest.

    Start thinking of us that operate in the real world. Cocky statements like "We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right" sound outright stupid. The patch was released last Wednesday. To coordinate business departments, users and technical staff along with testing requirements doesn't happen overnight. You do your best to patch as fast as possible and take steps to add a firewall layer but you have to deal with business requirements. Switching from Microsoft won't solve this problem either....OpenSSH anyone?

    However, I don't mind Microsoft security problems, it keeps food on my table.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
    1. Re:Mod the college student down... by CausticWindow · · Score: 4, Insightful

      You're right about having to test a lot when applying patches in such an environment.

      However, applying two ten line, plain text, patches on OpenSSH is a slightly more deterministic procedure than installing the latest five megabyte patch from Microsoft.

      --
      How small a thought it takes to fill a whole life
    2. Re:Mod the college student down... by throughthewire · · Score: 2, Insightful
      OK, then if you've done your part to explain the problem to them, and they're not listening, I suppose it's not your fault. But that doesn't change the fact there's a serious problem here....

      Yup, but it often isn't "idiot admins." Picture a company smaller than yours. A "small business" - ten to twenty-five employees, let's say.

      The target market for, god help us, Microsoft Small Business Server. Yeah, the product that's a Domain Controller, SQL server, Exchange server, file server, web server, firewall and proxy server all in one! Joy!

      They have one server. With gobs of fragile, interdependent software waiting to go haywire after a bad patch or service pack install.

      If they can even afford a full-time admin who can deploy patches as soon as they are released, there is no test server.

      Even if their admin or "computer guy" has bothered to make backups, (s)he has to wait until no one is using the system, and then pray that Microsoft (or some other vendor!) doesn't hose them. Because a restore operation isn't going to be quick & easy.

      There are a lot of small businesses out there in just this situation, and the folks who support them are often doing the best they can.

      Don't even get me started on college campuses. If you think controlling student systems is a pain in the ass, try the faculty.

      Enjoy being the BOFH while you can!

  10. Re:Products NOT affected... by calethix · · Score: 4, Insightful

    I laughed when I read that

    "However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions."

    Does MS really expect the average Win95/98 user to read that and think 'Oh! I better go out and get me a copy of that Winders XP. It may have viruses and worms but at least I'll be supported.'

  11. Re:OT: Unofficial Hostility in "Cyber Space" by rodgerd · · Score: 4, Insightful

    Other way around, son. US business is so hopelessly dependent on cheap Chinese labour and just in time manufacturing that there'd be chaos if China was embargoed.

  12. Re:Survival for Virus: Don't Kill Your Host by Penguinshit · · Score: 3, Insightful

    I got the Michelangelo virus back in the day: One morning I came into work and there was paint all over my ceiling...

    Anyway, I believe the days of boot sector trashing viruses are over. It's much better to root and take control of a large number of systems than to indiscriminately destroy one or two. Recent discussion regarding the SoBig variants illustrates this point (i.e., possible use as a Distributed SPAM engine). There are already numerous viruses out there which allow the perpetrator to orchestrate a massive DDoS.

    The "evolution" of which you speak is merely an evolution of desire and sophistication by the creators of such malware.

  13. Re:HIV by Nintendork · · Score: 3, Insightful
    A computer virus could wait several weeks before it nuked the hard drive.

    A virus/worm that did this wouldn't make as big of a splash when the payload executes. Anti-virus companies would have updated virus defs out there within a day or two of distribution and a lot of people would become disinfected before the symptoms kicked in. Plus, the more damaging the payload, the wider the news will reach and people without anti-virus software would use free removal tools.

    -Lucas

  14. Re:The Amazing Flying Hackers of China! by Coryoth · · Score: 2, Insightful
    To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.


    To be honest, that sort of worm isn't the one I would be worried about. The silent killer is going to be much more nasty, and it's a matter of time before somebody writes one (if they haven't already).


    Consider this for a possibility: A worm that just sits quietly on the system. It does nothing obvious that would get it noticed by users. Once a day it finds a random Excel spreadsheet. It opens the spreadsheet and picks a random cell. It alters the value of that cell by 10%.


    Let's hope no one is actually stupid or arrogant enough to try crap like that (but given humanity, realistically it's a matter of time)


    Jedidiah

  15. Re:The Amazing Flying Hackers of China! by HiThere · · Score: 2, Insightful

    The worst would probably be one that was totally inconspicuous, but occasionally doubled or halved a dollar amount. (And it would be really nice in Excel.)

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  16. Re:OT: Unofficial Hostility in "Cyber Space" by 4of12 · · Score: 5, Insightful

    constantly improving

    Over the long haul, yes.

    But there were some points of tension when the U.S. cruddy intelligence led to the mistaken bombing of the Chinese embassy in Belgrade, and when a U.S. spyplane flying off the coast made an emergency landing on a Chinese island.

    Meanwhile, the government there is learning that it can divert attention from inconvenient issues (like corruption between the military and industry, lack of an open democratic process) by exploiting nationalistic sentiment (We vs They).

    This is in the same grand tradition that is done in the United States and in Russia, so the rest of the world can feel safe knowing that all 3 of the largest nuclear superpowers are populated by emotional peasants.

    --
    "Provided by the management for your protection."
  17. So the best thing you can do... by Pvt_Waldo · · Score: 2, Insightful

    ...is not spend your time ranting about how evil MS is or how bad or what not.

    Spend your time and energy making sure everyone patches. This is so simple to beat. Just patch.

  18. Closed source security by Shulai · · Score: 2, Insightful

    I want to note that all NT based Windows versions, at least since 4.0, are vulnerable. This means this hole was sleeping for years; it could exist since late 1995 or earlier, if it wasn't introduced into NT4 in a SP. This means, also, people had a giant security issue for seven years, waiting for somebody to exploit it. I'm not sure how open source software can be affected in similar ways (anybody remember any case out there?), but I feel better thinking that open source allows a faster cycle for bug and vulnerability depuration.

  19. Excuses by tigre222 · · Score: 2, Insightful
    A few observations:

    1. We have been applying all relevant patches to NT/2000 servers and desktops quickly after release and for about a year or so now, nothing has gone wrong after. Yeh it's a pain, always require reboots. Big deal. You know how many machines out of 8 servers and 125 desktops have had virus problems?

    Three. One major education institution here (of which IT composes a large part) had their entire network compromised. The professor (head of the IT Department) was on the radio waffling on about how bad it was but failed to answer why they had not applied patches until six weeks after the MS announcement. Of course, they applied the patches after the outbreak in the Uni. when the panic hit. WTF are they teaching there?

    2. The current announcement from MS was on the 10th of Sept. The BBC article appeared 8 days later (wow, they're on the ball!) and has FUD written all over it. You can just hear the Editor; "Quick! Microsoft announced a vulnerability over a week ago". "Get someone to write something". "People soak up this shit!"

    3. I am not a huge fan of MS but, while their security doesn't seem to have improved their notifications/patches have improved, immensely. So good on em!
    --
    Where ever I go, there I am
  20. Treason or perjury? by SgtChaireBourne · · Score: 4, Insightful
    This bug came from China, and Microsoft has sent the source code to China ..
    That there is another Microsoft worm this week should come as no surprise. If you recall from the anti-trust trial and the appeal, Jim Allchin pointed out that Microsoft code was so flawed it could not be safely disclosed. It was even claimed that showing the Microsoft source code could damage national security.

    So, was it perjury or treason? You decide.

    Either way it's not a set of ethics that would induce me to resume business with them ... ever.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  21. Re:HIV by Anonymous Coward · · Score: 1, Insightful

    Wouldn't a virus that is based in small parts be the best. Actually have it delivered through cookies, where most people don't change default settings allows it to put the first files needed to collect the other cookies, and have it delivered by putting it on a widely used server like Google, where it would slowly and inconspicuously form. And since Windows likes to store cookies even when you try to get rid of them the people who do mess with their cookies settings are still infected. So really it would still take place when I think of it. But anyways, eventually it would collect and activate and in its activation (which would be on a synchronized date) would go about infecting non-infected systems while it slowly messes up people's PCs, and servers. It would be completely under the radar and compact. You really wouldn't even need it to infect other people's PCs other than the ones infected with the tainted cookies really think about how many people access Google then how many servers read those cookies and collect them...