Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Microsoft Worm Coming Soon?

Posted by CmdrTaco on from the get-ready-for-impact dept.

Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.

16 of 497 comments (clear)

  1. The Amazing Flying Hackers of China! by RobertB-DC · · Score: 5, Interesting

    From the article:
    US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.

    This puts a bit of a different spin on the previous story, in which Taiwan accused China of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.

    Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?

    Hackers in China... hey, it looks like China is the new Russia!

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
    1. Re:The Amazing Flying Hackers of China! by ramzak2k · · Score: 4, Interesting

      does this have anything to do with Microsoft opening up its code to China ?

      --

      Siggy Say, Siggy Do
    2. Re:The Amazing Flying Hackers of China! by bigjocker · · Score: 5, Interesting

      Now that you mention it, probably.

      It's a lot easier to write a worm having the Windows' source code available. This bug came from China, and Microsoft has sent the source code to China ... maybe they should start looking for the Blaster writer over there ...

      Also, the last attack agains Taiwan by some chinese crackers may have something to do with this. Maybe Microsoft was right when they said that it would be a major security risk to publish the Windows source code.

      --
      Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    3. Re:The Amazing Flying Hackers of China! by The_K4 · · Score: 4, Interesting

      I'm waiting for the virus taht cause Windows XP to believe that it's not "activated" and cause hunders of thousnds of people to call to re-activeate their OS. :) Talk about DDoSing them. :)

    4. Re:The Amazing Flying Hackers of China! by Isomer · · Score: 5, Interesting

      True. It would have to run for x hours, trying to infect other hosts before "delivering its payload".

      What would be a good value for x? When the critical mass has been infected obviously.

      You can take the payload and split it up into "n" smaller chunks, then infect "n" initial machines with your virus each with only a small part of the payload. Then every time a virus infects a new host it splits it's payload in half until it's down to one byte/bit/whatever, then it just copies it's payload. When it finds another machine thats already infected, they both give each other their own payload.

      If the other side have data that conflicts with your own, throw theirs away to prevent poisoning

      So when there are lots of hosts to infect around the world, the payload gets split up, but it's not until almost all the machines are infected that the payload starts being reassembled.

      If the payload is encrypted in such a way that you need the entire payload to decrypt the entire thing, then Antivirus researchers can't tell what the payload is going to do before it actually occurs.

      You probably want to make sure that there are multiple copies of the initial data in case machines get cleaned that contain the only copy of one bit or so.

      We need to organise things like automated detection of abnormal network activity, and some kind of automated way to slow down (but perhaps not stop -- you're not sure if it is an actual virus) the flow of virulent activity.

      A technique like this could be used for something like Freenet to hide information until everyone has the information, then release it.

  2. Am i the only one? by madcoder47 · · Score: 4, Interesting

    Am I the only one who noticed that the woman in the BBC Article's picture (directly above the "The MSBlast worm hit some users hard" Caption text) is using an old mac, and therefore, is not struggling with the MSBlast worm?

    The power button and display/contrast knobs on the side of the monitor give it away....

    Also, from the article: "But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner." -- Does this mean that even though microsoft cleaned up the code that was used by MSBlast as a backdoor, they still overlooked some code in the same region?

  3. Already Here by Fletch · · Score: 4, Interesting

    According to C|Net's News.com.com, two new woms have surfaced exploiting a 2 year old hole in IE 5.x.

  4. Where's the update? by lord_dragonsfyre · · Score: 5, Interesting

    Okay, I've read about three emails so far, plus this article, about this new security hole. So of course, I go to download the patch.

    And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.

    Anyone know what's up with this?

    James.

    --
    "I have spread my dreams under your feet, Tread softly, because you tread on my dreams." - W. B. Yeats.
  5. I think there's already something new going around by ncc74656 · · Score: 5, Interesting

    My suspected-spam file had something like 50-60 new messages in it since last night. Except for one Nigerian-scam message, they all claimed to be security fixes from Microsoft (how original of them :-| ). I saved the attachment from one of them and let Nortan Antivirus take a look at it. It didn't identify any virus (even after updating signatures), but it has to be malware of some sort that just hasn't been cataloged yet.

    --
    20 January 2017: the End of an Error.
  6. Ironic by MrEnigma · · Score: 5, Interesting

    I think it's kind of ironic...on their page it goes through the products affected, NT, XP, etc.

    And then they say Windows Me is not affected, not is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I.

    Just thought it was funny.

    --
    GeekWares - Buy and Download Today!
  7. Survival for Virus: Don't Kill Your Host by RobertB-DC · · Score: 5, Interesting

    To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

    You're thinking software, not biology.

    A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.

    The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.

    Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus?

    Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
  8. HIV by Detritus · · Score: 5, Interesting
    Another approach is to have a long incubation period, like HIV. It slowly multiplies over a long period of time before causing symptoms.

    A computer virus could wait several weeks before it nuked the hard drive.

    If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.

    --
    Mea navis aericumbens anguillis abundat
    1. Re:HIV by A_Non_Moose · · Score: 4, Interesting

      The virus could encrypt selected parts of the hard drive...

      What's really scary is this:

      Think of all the vbs worms/viruses, now mate that with windows scripting (similar to vbs, I think) and windows' abilty to encrypt the file system (built in functionality, right?).

      How hard would it be to, oh, say infect a system, encrypt the entire drive (or "my documents" or delete select files/user data), change the admin password, and reboot the system when done?

      I think that'd be the rudest awakening ever.

      I give it a year or so before it happens somewhere important, because some people never learn...esp Microsoft.

      --
      Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
    2. Re:HIV by HiThere · · Score: 4, Interesting

      Make that random parts of the system, and random *.doc files (and a few other extensions). Nobody would *dare* get rid of it. A bad system file can be replaced, but a bad doc file can be very bad.

      It might teach people about hierarchcical backups, but I doubt it.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  9. Already getting emails for 3 days by dodell · · Score: 3, Interesting

    I've already been getting emails for 3 days with crap from 'Microsoft' and people sending me the patches in .exe form... like I'd trust that.

    But thankfully, I run FreeBSD and don't have to deal with that crap. Just the email overflow :P.

    --
    www.sitetronics.com/wordpress
  10. You ain't seen nothing yet by ralphus · · Score: 4, Interesting
    I've said it before, and I'll say it again. The current array of worms making the rounds on the Internet are pretty fundamentally simple worms and not much more than teenagers throwing eggs at the wall on a large scale. Blaster was crashing systems because of it's sloppy coding, it wasn't even doing damage other than eating up resources and planning on attacking MS (which it stupidly did based on DNS entry and then even the WRONG ONE).

    Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.

    I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get a idea of what is possibly coming.

    Warhol Worms

    Curious Yellow

    --
    Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout