New Microsoft Worm Coming Soon?
Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
From the article:
US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.
This puts a bit of a different spin on the previous story, in which Taiwan accused China of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.
Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?
Hackers in China... hey, it looks like China is the new Russia!
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
...Scientists predict the sun will rise tomorrow.
on the heals of a recent Security Bulletin from Microsoft
Apparently, the worm infects the user's grammar-checker, rendering it inoperable.
No excuse on this one. It's not like Blaster happened eons ago, and this is virtually the same type of flaw. Patch your systems.
...that the next worm explosion heals the recent Microsoft Security Bulletin. That will be a welcome change, coming on the heels of the last big Microsoft worm.
So more companies like Air Canada can get hit and blame it on the worm makers, yet never blame it on their stupid IT department that had three weeks to patch the system and never did.
"Malicious hackers are starting to circulate computer code that exploits recently found vulnerabilities"
Starting? When was this article written, 1993?
Gee, that's like saying a new Windows security patch is coming soon.
"It's too hot out for a Penguin to be just walking around. - Billy Madison"
All my friends and family use Worm 9.0! It's easier than ever!
Am I the only one who noticed that the woman in the BBC Article's picture (directly above the "The MSBlast worm hit some users hard" Caption text) is using an old mac, and therefore, is not struggling with the MSBlast worm?
The power button and display/contrast knobs on the side of the monitor give it away....
Also, from the article: "But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner." -- Does this mean that even though microsoft cleaned up the code that was used by MSBlast as a backdoor, they still overlooked some code in the same region?
It's a shame the only people who read these articles are the ones who aren't affected in the first place.
According to C|Net's News.com.com, two new worms have surfaced exploiting a 2-year-old hole in IE 5.x.
Okay, I've read about three emails so far, plus this article, about this new security hole. So of course, I go to download the patch.
And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.
Anyone know what's up with this?
James.
"I have spread my dreams under your feet, Tread softly, because you tread on my dreams." - W. B. Yeats.
A pre-worm article
A current worm article
And a post-worm article?
Essentially three times the FUD, bashing, turfing, and... well, slashdot.
A winner is you!
My suspected-spam file had something like 50-60 new messages in it since last night. Except for one Nigerian-scam message, they all claimed to be security fixes from Microsoft (how original of them :-| ). I saved the attachment from one of them and let Norton Antivirus take a look at it. It didn't identify any virus (even after updating signatures), but it has to be malware of some sort that just hasn't been cataloged yet.
20 January 2017: the End of an Error.
Only the latest virus definitions catch this thing.
Actually Sino-US relations have been constantly improving going all the way back to Nixon. Carter also did a lot to further relations. There are also plenty of US businesses operating in China (some of which have been mentioned on Slashdot in the past).
The Sun is scheduled to rise in the east tomorrow morning...
WTF? Over?
"US computer security firm iDefense discovered the code being circulated from Chinese websites."
Chinese websites, as in from mainland China, or from Hong Kong?
If it is Hong Kong; then perhaps it is the same fellows that run the bootleg operations. Oddly, it doesn't seem that the new Chinese rule has done anything to stop this. I guess crimes against the US and other world nations and their computer systems don't count for as much as saying that thuggish tyrants shouldn't rule.
Mainland, on the other hand, would indicate something occurring directly under the purview of China, and their 'government'.
Neither is particularly surprising or unusual, but these kinds of folks usually get ignored for swapping copyrighted data and running illegal porn sites. I wonder if swapping viruses will put them on the criminal radar?
Anyone have any information on this particular factoid? It would be interesting to know if these are HK or Mainland.
Eh.
-Chompster
This isn't a redundant post; I just set my threshold to 6.
Either MS is stupid and hasn't put up the patch for win2k pro yet, or I got this ages ago.
I think it's another blatant attempt by the media to instill fear in the public about the notion of another huge worm attack on people's computers. I guess the BBC wants credit for the "We said it here first people" catch phrase, then why not have the BBC post an article warning about "The countdown to the next Windows security hole has begun" (I'll start a pool to see who correctly dates when a new security hole is found), or the next version update of the Apache webserver long before anyone else can or does, or the oh so coveted hacked webpage that will be coming soon ("The countdown to the next hacked webpage has begun"). This reminds me of MSNBC's folly of accidentally posting the pre-made death articles of some high-profile celebrities and political figures.
1. Ride on the General Public's Fear
2. Feed the Fear
3. ?
4. Profit!
Good to know.
I'm sure GWBush is desperately looking for an "evil nation" that can "bring it on".
But then I find US and China having any kind of hostility highly unlikely.
China exports so much to the US that they'd fall over backwards and cry if the US put on a trade embargo. No shots need to be fired.
In Soviet Russia, the television watches YOU!
"Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue." So we can save ourselves by downgrading to previous Windows versions? Or is this just a shameless plug? "However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions." Yup. It's a plug for newer, even more vulnerable software, alright.
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
Tra la la ...we're goin' 'round the good ole 'net.
hey guys looky there, a new network let's swamp it, I say
*swamp swamp swamp*
ha ha ha ha ha ho ho ho ho ho hee he he he what fun!
*happy singing*
here we go around the good ole net
good ole net
good old net
hi fellas, guess what I found! A nice clean M$ server
Yaaaay!!!
Here we go *infect infect infect*
Haa ha ha ha ho ho ho ho hee hee hee hee What fun!
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
After reading this article, I immediately checked WindowsUpdate... only to find I installed this already a few days ago. This is the positive side of the Auto-updater, being able to set it to tell you when there are new updates available.
I'd never set it to auto-update, and I sincerely hope it never gets forced upon me. But as long as the company I work for has a know-nothing IT guy and a reliance on windows-only software, I guess I'll have to live with patching my 2K install.
(Though don't tell my boss, I've got a Knoppix CD in my desk drawer and am currently exploring how feasible a switch to Linux on my work box might be!)
The longer I'm a member of the Human Race, the more I believe Apocalypse is a valid solution.
There's a new worm out there that exploits a security hole still in Windows 2k/XP from when it was released.
It has the capability to shut down applications, goes right through anti-virus software (even the latest patches!!!), and gives total control of the victim computer to the creator of the worm.
An attempt by the powers that be to shut down its source of updates was thwarted by various government agencies and the worm itself.
Unfortunately there is no patch to get rid of the W32.MS.AutoUpdateRequired worm.
I think it's kind of ironic...on their page it goes through the products affected, NT, XP, etc.
And then they say Windows Me is not affected, nor is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I?
Just thought it was funny.
GeekWares - Buy and Download Today!
- The article is a somewhat general topic piece on worms in general.
Since General Wesley Clark has entered the general Democratic field for the next general election, it's been generally assumed that general technical issues like this one would be handled with somewhat general ease by applying the general security practices used by the general public, in general.
Yeah, like Walmart would ever survive without cheap T shirts and plastic crap from China. Forget about it.
http://www.k-otik.com/exploits/09.16.MS03-039-e
i'd post the code, but
Start thinking of us that operate in the real world. Cocky statements like "We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right" sound outright stupid. The patch was released last Wednesday. To coordinate business departments, users and technical staff along with testing requirements doesn't happen overnight. You do your best to patch as fast as possible and take steps to add a firewall layer but you have to deal with business requirements. Switching from Microsoft won't solve this problem either....OpenSSH anyone?
However, I don't mind Microsoft security problems, it keeps food on my table.
Strange women lying in ponds distributing swords is no basis for a system of government.
New ssh Exploit in the Wild
The problem seems to be that you're running late, not slashdot. The above stories were each posted the day before you claim that the vulnerabilities were discovered.
To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.
You're thinking software, not biology.
A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.
The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.
Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus?
Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Tonight 3 of these arrived here. It is an e-mail message that contains a .exe attachment that promises to be "the latest version of security update, the "September 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities."
Apparently lots of people just doubleclick it.
I'm surprised we haven't seen worms doing more interesting tasks than coordinated DDOS attacks... Think what would happen if a worm spread some sort of simple P2P client to every machine it hit, and just initiated random downloads of mp3's from other worm-infested nodes (and maybe users could make a "suggested downloads list" through a config file somewhere). The RIAA would get dizzy trying to find a target to sue...
Just checked with Symantec...while the updated defs aren't available through LiveUpdate, they are available by downloading the Intelligent Updater. How smart of them...instead of sending out a couple hundred K, they force people to download 4 megs each until next Wednesday. It's their bandwidth, I suppose...
(I reran NAV after getting today's defs...it identified the file as containing Worm.Automat.AHB. SARC says nothing informative about it, but F-Secure says the following:
Another 5-10 copies arrived since my last post...busy little fscker, isn't it? Rabbits don't breed this rapidly.
20 January 2017: the End of an Error.
Bloodhound.Exploit.1
Which according to Symantec is "likely to be a new worm or Trojan that makes use of the DCOM RPC vulnerability.".
I'm pretty sure it's a false positive as the machine is patched, firewalled, and the file was found in the offline file cache (I've seen a few false positives in that directory).
For a minute or two I thought the worm we are all expecting RSN had been released.
I'm sure all the Macintosh users were as frustrated as her.
>> I, for one, welcome our new worm Overlords.
:(
With that attitude, the movie Dune would have been a lot more boring.
A computer virus could wait several weeks before it nuked the hard drive.
If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.
Mea navis aericumbens anguillis abundat
From Microsoft:
Note Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.
WTF? How this translates to me - "If your computer is immune from these new strains of virii you are strongly encouraged to make it vulnerable."
Have patch, firewall, etc. here at my company.
In the last 2 hours, I have received five messages all noting that my "message was undeliverable" or similar wording.
No "attachment" (use Netscape 4.7x here at work for e-mail handling). But, a look at the source showed the payloads.
One was a ".bat" file, others were randomly named ".exe" files.
In analyzing the headers, most (three of five) appear to have originated from a "Comcast" server.
The time stamp on the messages ranged from 19:30 GMT to 16:30 GMT -4.
Something is spewing on the net.
Regards,
Fredrick
Other way around, son. US business is so hopelessly dependent on cheap Chinese labour and just in time manufacturing that there'd be chaos if China was embargoed.
Typical. Pre-announcing vaporware just to hurt competitors' sales.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
constantly improving
Over the long haul, yes.
But there were some points of tension when the U.S. cruddy intelligence led to the mistaken bombing of the Chinese embassy in Belgrade, and when a U.S. spyplane flying off the coast made an emergency landing on a Chinese island.
Meanwhile, the government there is learning that it can divert attention from inconvenient issues (like corruption between the military and industry, lack of an open democratic process) by exploiting nationalistic sentiment (We vs They).
This is in the same grand tradition that is done in the United States and in Russia, so the rest of the world can feel safe knowing that all 3 of the largest nuclear superpowers are populated by emotional peasants.
"Provided by the management for your protection."
...is not spend your time ranting about how evil MS is or how bad or what not.
Spend your time and energy making sure everyone patches. This is so simple to beat. Just patch.
That exploit was written closely based on my papers at http://www.immunitysec.com/papers/
Dave Aitel
Immunity, Inc.
I've already been getting emails for 3 days with crap from 'Microsoft' and people sending me the patches in .exe form... like I'd trust that.
:P.
But thankfully, I run FreeBSD and don't have to deal with that crap. Just the email overflow
www.sitetronics.com/wordpress
I'm too lazy to compose a creative sig.
I want to note that all NT based Windows versions, at least since 4.0, are vulnerable. This means this hole was sleeping for years; it could exist since late 1995 or earlier, if it wasn't introduced into NT4 in a SP. This means, also, people had a giant security issue for seven years, waiting for somebody to exploit it. I'm not sure how open source software can be affected in similar ways (anybody remember any case out there?), but I feel better thinking that open source allows a faster cycle for bug and vulnerability depuration.
Got Pike?
Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.
I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get an idea of what is possibly coming.
Warhol Worms
Curious Yellow
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
Three. One major education institution here (of which IT composes a large part) had their entire network compromised. The professor (head of the IT Department) was on the radio waffling on about how bad it was but failed to answer why they had not applied patches until six weeks after the MS announcement. Of course, they applied the patches after the outbreak in the Uni. when the panic hit. WTF are they teaching there?
2. The current announcement from MS was on the 10th of Sept. The BBC article appeared 8 days later (wow, they're on the ball!) and has FUD written all over it. You can just hear the Editor; "Quick! Microsoft announced a vulnerability over a week ago". "Get someone to write something". "People soak up this shit!"
3. I am not a huge fan of MS but, while their security doesn't seem to have improved, their notifications/patches have improved, immensely. So good on em!
Wherever I go, there I am
I was just thinking... I bet Microsoft is getting people to write these worms that exploit these security holes in Windows a week after the patch is available... It helps dispel the "myth" that Windows is insecure and all that, and nicely places the blame on the sysadmins... "You didn't patch??? Too bad..." You know what I mean? "It's not Microsoft's fault; they had a patch out a week ago." Brilliant. Microsoft++
So, was it perjury or treason? You decide.
Either way it's not a set of ethics that would induce me to resume business with them ... ever.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
AP WIRE(less), 18-Sep-03. Microsoft Corporation president Steve 'Balmy' Ballmer announced today the formation of a new subdivision of the company which will specialize in the production and marketing of exploits for the Windows operating system.
"All we're doing is catering to existing demand" Ballmer said during a press conference. "People want this stuff as much as they want Windows, and we're the best choice to make the exploits available. After all, we know better than anyone how many bugs are in our own code..."
The first official release of the Windows Exploit Advantage Kit, or WEAK, is scheduled to take place on December 42nd. When questioned about the date, Mr. Ballmer had this to say; "It's our way of honoring the late Douglas Adams. Even if that weren't enough, it turns out that the number of bugs in Windows, divided by half the number of years before our sun goes nova, equals exactly 42. What could be more appropriate for a release date...?"
Bruce Lane, KC7GR,
Blue Feather Technologies