Slashdot Mirror
New Microsoft Worm Coming Soon?
Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent
Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
From the article:
US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.
This puts a bit of a different spin on the previous story, in which Taiwan accused China of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.
Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?
Hackers in China... hey, it looks like China is the new Russia!
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Am I the only one who noticed that the woman in the BBC Article's picture (directly above the "The MSBlast worm hit some users hard" Caption text) is using an old mac, and therefore, is not struggling with the MSBlast worm?
The power button and display/contrast knobs on the side of the monitor give it away....
Also, from the article: "But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner." -- Does this mean that even though microsoft cleaned up the code that was used by MSBlast as a backdoor, they still overlooked some code in the same region?
According to C|Net's News.com.com, two new woms have surfaced exploiting a 2 year old hole in IE 5.x.
Okay, I've read about three emails so far, plus this article, about this new security hole. So of course, I go to download the patch.
And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.
Anyone know what's up with this?
James.
"I have spread my dreams under your feet, Tread softly, because you tread on my dreams." - W. B. Yeats.
My suspected-spam file had something like 50-60 new messages in it since last night. Except for one Nigerian-scam message, they all claimed to be security fixes from Microsoft (how original of them :-| ). I saved the attachment from one of them and let Nortan Antivirus take a look at it. It didn't identify any virus (even after updating signatures), but it has to be malware of some sort that just hasn't been cataloged yet.
20 January 2017: the End of an Error.
Only the latest virus definitions catch this thing.
"US computer security firm iDefense discovered the code being circulated from Chinese websites."
Chinese websites, as in from mainland China, or from Hong Kong?
If it is Hong Kong; then perhaps it is the same fellows that run the bootleg operations. Oddly, it doesn't seem that the new Chinese rule has done anything to stop this. I guess crimes against the US and other world nations and their computer systems don't count for as much as saying that thuggish tyrants shouldn't rule.
Mainland, on the other hand, would indicate something occuring directly under the pervue of China, and their 'government'.
Neither is particular suprising or unusual, but these kind of folks usually get ignored for swapping copyrighted data and running illegal porn sites. I wonder if swapping viruses will put them on the criminal radar?
Anyone have any information on this particular factoid? It would be interesting to know if these are HK or Mainland.
Eh.
-Chompster
This isn't a redundant post; I just set my threshold to 6.
After reading this article, I immediately checked WindowsUpate... only to find I installed this already a few days ago. This is the positive side of the Auto-updater, being able to set it to tell you when there are new updates available.
I'd never set it to auto-update, and I sincerely hope it never gets forced upon me. But as long as the company I work for has a know-nothing IT guy and a reliance on windows-only software, I guess I'll have to live with patching my 2K install.
(Though don't tell my boss, I've got a Knoppix CD in my desk drawer and am currently exploring how feasible a switch to Linux on my work box might be!)
The longer I'm a member of the Human Race, the more I believe Apocalypse is a valid solution.
I think it's kind of ironic...on their page it goes through the products affected, NT, XP, etc.
And then they say Windows Me is not affected, not is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I.
Just thought it was funny.
GeekWares - Buy and Download Today!
To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.
You're thinking software, not biology.
A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.
The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.
Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus?
Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Bloodhound.Exploit.1
Which according to Symantec is "likely to be a new worm or Trojan that makes use of the DCOM RPC vulnerability.".
I'm pretty sure it's a false positive as the machine is patched, firewalled, and the file was found in the offline file cache (I've seen a few false positives in that directory).
For a minute or two I though the worm we are all expecting RSN, had been released.
A computer virus could wait several weeks before it nuked the hard drive.
If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.
Mea navis aericumbens anguillis abundat
Have patch, firewall, etc. here at my company.
In the last 2 hours, I have received five messages all noting that my "message was underliverable" or similar wording.
No "attachment" (use Netscape 4.7x here at work for e-mail handling). But, a look at the source showed the payloads.
One was a ".bat" file, others were randomly named ".exe" files.
In analyzing the headers, most (three of five) appear to have originated from a "Comcast" server.
The time stamp on the messages of the messages ranged from 19:30 GMT to 16:30 GMT -4.
Something is spewing on the net.
Regards,
Fredrick
> Its a shame the only people who read these articles are the ones who aren't affected in the first place.
Nope, the rest of us will have our network service will be degraded due to all the worm traffic.
Sheesh, evil *and* a jerk. -- Jade
That exploit was written closely based on my papers at http://www.immunitysec.com/papers/
Dave Aitel
Immunity, Inc.
I've already been getting emails for 3 days with crap from 'Microsoft' and people sending me the patches in .exe form... like I'd trust that.
:P.
But thankfully, I run FreeBSD and don't have to deal with that crap. Just the email overflow
www.sitetronics.com/wordpress
Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.
I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get a idea of what is possibly coming.
Warhol Worms
Curious Yellow
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
I was just thinking... I bet Microsoft is getting people to write these worms that exploit these security holes in Windows a week after the patch is available... It helps dispell the "myth" that Windows is insecure and all that, and nicely places the blame on the sysadmins... "You didn't patch??? Too bad..." You know what I mean? "It's not Microsoft's fault; they had a patch out a week ago." Brilliant. Microsoft++