Slashdot Mirror


New Microsoft Worm Coming Soon?

Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.

8 of 497 comments

  1. The Amazing Flying Hackers of China! by RobertB-DC · · Score: 5, Interesting

    From the article:
    US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.

    This puts a bit of a different spin on the previous story, in which Taiwan accused China of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.

    Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?

    Hackers in China... hey, it looks like China is the new Russia!

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
    1. Re:The Amazing Flying Hackers of China! by bigjocker · · Score: 5, Interesting

      Now that you mention it, probably.

      It's a lot easier to write a worm having the Windows' source code available. This bug came from China, and Microsoft has sent the source code to China ... maybe they should start looking for the Blaster writer over there ...

      Also, the last attack against Taiwan by some Chinese crackers may have something to do with this. Maybe Microsoft was right when they said that it would be a major security risk to publish the Windows source code.

      --
      Life isn't like a box of chocolates. It's more like a jar of jalapenos. What you do today, might burn your ass tomorrow.
    2. Re:The Amazing Flying Hackers of China! by Isomer · · Score: 5, Interesting

      True. It would have to run for x hours, trying to infect other hosts before "delivering its payload".

      What would be a good value for x? When the critical mass has been infected obviously.

      You can take the payload and split it up into "n" smaller chunks, then infect "n" initial machines with your virus each with only a small part of the payload. Then every time a virus infects a new host it splits its payload in half until it's down to one byte/bit/whatever, then it just copies its payload. When it finds another machine that's already infected, they both give each other their own payload.

      If the other side have data that conflicts with your own, throw theirs away to prevent poisoning.

      So when there are lots of hosts to infect around the world, the payload gets split up, but it's not until almost all the machines are infected that the payload starts being reassembled.

      If the payload is encrypted in such a way that you need the entire payload to decrypt the entire thing, then Antivirus researchers can't tell what the payload is going to do before it actually occurs.

      You probably want to make sure that there are multiple copies of the initial data in case machines get cleaned that contain the only copy of one bit or so.

      We need to organise things like automated detection of abnormal network activity, and some kind of automated way to slow down (but perhaps not stop -- you're not sure if it is an actual virus) the flow of virulent activity.

      A technique like this could be used for something like Freenet to hide information until everyone has the information, then release it.
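
The defensive idea in the comment above (detect abnormal network activity and slow it down rather than stop it) can be sketched as a rate limit on connections to destinations a host has not contacted recently. This is an added example, not part of the thread; the class, function names, thresholds and traffic are constructed for illustration.

```python
from collections import OrderedDict, deque

class ConnectionThrottle:
    """Delay, rather than block, connections to hosts not contacted recently."""
    def __init__(self, working_set_size=4, alarm_queue_len=10):
        self.recent = OrderedDict()   # recently contacted destinations, LRU order
        self.delayed = deque()        # new destinations waiting to be released
        self.working_set_size = working_set_size
        self.alarm_queue_len = alarm_queue_len

    def request(self, dest):
        """Return True if the connection may proceed now, False if it is queued."""
        if dest in self.recent:
            self.recent.move_to_end(dest)
            return True
        if dest not in self.delayed:
            self.delayed.append(dest)
        return False

    def tick(self):
        """Once per time unit, release at most one queued destination."""
        if not self.delayed:
            return None
        dest = self.delayed.popleft()
        self.recent[dest] = True
        if len(self.recent) > self.working_set_size:
            self.recent.popitem(last=False)   # evict the least recently used
        return dest

    def suspicious(self):
        """A long backlog means new peers are being contacted abnormally fast."""
        return len(self.delayed) >= self.alarm_queue_len

def simulate(destinations_per_tick, ticks):
    """Replay traffic; return (connections made, backlog, alarm raised)."""
    throttle = ConnectionThrottle()
    made = 0
    for t in range(ticks):
        for dest in destinations_per_tick(t):
            if throttle.request(dest):
                made += 1
        if throttle.tick() is not None:
            made += 1
    return made, len(throttle.delayed), throttle.suspicious()

# Constructed traffic: a desktop cycling over 3 servers vs. a host sweeping new addresses.
def normal(t):
    return [f"10.0.0.{t % 3}"]

def scanning(t):
    return [f"192.0.2.{(t * 5 + i) % 250}" for i in range(5)]
```

Over 30 ticks the ordinary host makes all 30 of its connections with no backlog, while the sweeping host is held to 30 of its 150 attempts and its queue length raises the alarm.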

  2. Where's the update? by lord_dragonsfyre · · Score: 5, Interesting

    Okay, I've read about three emails so far, plus this article, about this new security hole. So of course, I go to download the patch.

    And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.

    Anyone know what's up with this?

    James.

    --
    "I have spread my dreams under your feet, Tread softly, because you tread on my dreams." - W. B. Yeats.
  3. I think there's already something new going around by ncc74656 · · Score: 5, Interesting

    My suspected-spam file had something like 50-60 new messages in it since last night. Except for one Nigerian-scam message, they all claimed to be security fixes from Microsoft (how original of them :-| ). I saved the attachment from one of them and let Norton Antivirus take a look at it. It didn't identify any virus (even after updating signatures), but it has to be malware of some sort that just hasn't been cataloged yet.

    --
    20 January 2017: the End of an Error.
  4. Ironic by MrEnigma · · Score: 5, Interesting

    I think it's kind of ironic...on their page it goes through the products affected, NT, XP, etc.

    And then they say Windows Me is not affected, nor is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I.

    Just thought it was funny.

    --
    GeekWares - Buy and Download Today!
  5. Survival for Virus: Don't Kill Your Host by RobertB-DC · · Score: 5, Interesting

    To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.

    You're thinking software, not biology.

    A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.

    The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.

    Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus?

    Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.

    --
    Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
  6. HIV by Detritus · · Score: 5, Interesting

    Another approach is to have a long incubation period, like HIV. It slowly multiplies over a long period of time before causing symptoms.

    A computer virus could wait several weeks before it nuked the hard drive.

    If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.

    --
    Mea navis aericumbens anguillis abundat