Slashdot Mirror
New Microsoft Worm Coming Soon?
Seft sent in a solid article running on the BBC discussing the next potential worm explosion on the heels of a recent
Security Bulletin from Microsoft. The article is a somewhat general topic piece on worms in general.
From the article:
US computer security firm iDefense discovered the code being circulated from Chinese websites. It said some computers were already being broken into using the new exploit code.
This puts a bit of a different spin on the previous story, in which Taiwan accused China of organizing a cyber-attack. I think this validates the position that Taiwan's government was simply disseminating a little cross-channel FUD... there may indeed be Chinese hackers trying to break into Taiwanese systems, but they're doing it on an ad-hoc basis, not as part of a government-sponsored attack.
Think about it... you're a hacker in mainland China, and you want to attack someone. Do you go after your own government? Only if your family doesn't mind paying for the bullet when you're convicted of espionage. Much safer to hit a country that your government wouldn't mind giving a black eye?
Hackers in China... hey, it looks like China is the new Russia!
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
...Scientists predict the sun will rise tomorrow.
on the heals of a recent Security Bulletin from Microsoft
Apparently, the worm infects the user's grammar-checker, rendering it inoperable.
No excuse on this one. It's not like Blaster happened eons ago, and this is virtually the same type of flaw. Patch your systems.
...that the next worm explosion heals the recent Microsoft Security Bulletin. That will be a welcome change, coming on the heels of the last big Microsoft worm.
So more companys like Air Canada can get hit and blame it on the worm makers, yet never blame it on there stupid IT department that had three weeks to patch the system and never did.
"Malicious hackers are starting to circulate computer code that exploits recently found vulnerabilities"
Starting? When was this article written 1993?
All my friends and family use Worm 9.0! It's easier than ever!
Am I the only one who noticed that the woman in the BBC Article's picture (directly above the "The MSBlast worm hit some users hard" Caption text) is using an old mac, and therefore, is not struggling with the MSBlast worm?
The power button and display/contrast knobs on the side of the monitor give it away....
Also, from the article: "But viruses that take advantage of new found flaws in the chunk of computer code exploited by MSBlast look set to arrive even sooner." -- Does this mean that even though microsoft cleaned up the code that was used by MSBlast as a backdoor, they still overlooked some code in the same region?
Its a shame the only people who read these articles are the ones who aren't affected in the first place.
According to C|Net's News.com.com, two new woms have surfaced exploiting a 2 year old hole in IE 5.x.
Okay, I've read about three emails so far, plus this article, about this new security hole. So of course, I go to download the patch.
And there is no patch. Headed to http://windowsupdate.microsoft.com, hit Scan for Updates.... nothing shows under Critical Updates.
Anyone know what's up with this?
James.
"I have spread my dreams under your feet, Tread softly, because you tread on my dreams." - W. B. Yeats.
A pre-worm article
A current worm article
And a post-worm article?
Essentially three times the FUD, bashing, turfing, and... well, slashdot.
A winner is you!
My suspected-spam file had something like 50-60 new messages in it since last night. Except for one Nigerian-scam message, they all claimed to be security fixes from Microsoft (how original of them :-| ). I saved the attachment from one of them and let Nortan Antivirus take a look at it. It didn't identify any virus (even after updating signatures), but it has to be malware of some sort that just hasn't been cataloged yet.
20 January 2017: the End of an Error.
Actually Sino-US relations have been constantly improving going all the way back to Nixon. Carter also did a lot to further relations. There are also plenty of US businesses operating in China (some of which have been mentioned on Slashdot in the past).
"Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue." So we can save ourselves by downgrading to previous windows versions? Or is this just a shameless plug? "However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions." Yup. It's a plug for newer, even more vunerable software, alright.
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
Tra la la ...we're goin' 'round the good ole 'net.
hey guys looky there, a new network let's swamp it, I say
*swamp swamp swamp*
ha ha ha ha ha ho ho ho ho ho hee he he he what fun!
*happy singing*
here we go around the good ole net
good ole net
good old net
hi fellas, guess what I found! A nice clean M$ server
Yaaaay!!!
Here we go *infect infect infect*
Haa ha ha ha ho ho ho ho hee hee hee hee What fun!
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
There's a new worm out there that exploits a security hole still in Windows 2k/XP from when it was released.
It has the capability to shut down applications, goes right through anti-virus software (even the latest patches!!!), and gives total control of the victim computer to the creator of the worm.
An attempt by the powers that be to shut down it's source of updates was thwarted by various government agencies and the worm itself.
Unfortunately there is no patch to get rid of the W32.MS.AutoUpdateRequired worm.
I think it's kind of ironic...on their page it goes through the products affected, NT, XP, etc.
And then they say Windows Me is not affected, not is 98, or 95, but you should upgrade to the newest versions. To the end user, that would kind of be like, I could upgrade to the newest versions, and then be vulnerable to all of this...why would I.
Just thought it was funny.
GeekWares - Buy and Download Today!
http://www.k-otik.com/exploits/09.16.MS03-039-e
i'd post the code, but
Start thinking of us that operate in the real world. Cocky statements like "We've had plenty of warning about this, so it's only the criminally unprepared that will be hit right" sound outright stupid. The patch was released last Wednesday. To coordinate business departments, users and techincal staff along with testing requirements doesn't happen overnight. You do your best to patch as fast as possible and take steps to add a firewall layer but you have to deal with business requirements. Switching from Microsoft won't solve this problem either....OpenSSH anyone?
However, I don't mind Microsoft security problems, it keeps food on my table.
Strange women lying in ponds distributing swords is no basis for a system of government.
New ssh Exploit in the Wild
The problem seems to be that you're running late, not slashdot. The above stories were each posted the day before you claim that the vulnerabilities were discovered.
To be honest, I hope it just trashes boot sectors before writing random crap all over the hard drive. That might actually get the message through. All these soft viruses just make people think of it as an inconvenience. When something bad happens, people might just start sitting up and taking notice.
You're thinking software, not biology.
A virus like Ebola is bad news for its host. It spreads pretty easily and quickly causes violent, bloody death. But it kills its host so quickly that the host doesn't have time to infect anyone outside his immediate contacts, and the severe nature brings all Man's medical defenses to track the contagion to its source and eradicate it.
The common cold is a virus, too. It causes relatively minor discomfort to its host, only killing a small number of previously weakened hosts. This gives the cold time to spread widely before it is detected, and by that time the infection can no longer be contained -- or even traced back to its original host.
Early viruses were more Ebola-like, wiping out boot sectors, killing the host. But when was the last time you heard of a new infection by the Michelangelo virus?
Evolution, of a sort, has led to new viruses being more like the common cold -- annoying, but not deadly, and therefore common as a sneeze.
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
Tonight 3 of these arrived here. It is an e-mail message that contains a .exe attachment that promises to be "the latest version of security update, the
"September 2003, Cumulative Patch" update which fixes
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities."
Apparently lots of people just doubleclick it.
Just checked with Symantec...while the updated defs aren't available through LiveUpdate, they are available by downloading the Intelligent Updater. How smart of them...instead of sending out a couple hundred K, they force people to download 4 megs each until next Wednesday. It's their bandwidth, I suppose...
(I reran NAV after getting today's defs...it identified the file as containing Worm.Automat.AHB. SARC says nothing informative about it, but F-Secure says the following:
Another 5-10 copies arrived since my last post...busy little fscker, isn't it? Rabbits don't breed this rapidly.
20 January 2017: the End of an Error.
i'm sure all the macintosh users were as frusterated as her.
>> I, for one, welcome our new worm Overlords.
:(
With that attitude, the movie Dune would have been a lot more boring.
A computer virus could wait several weeks before it nuked the hard drive.
If I wrote a virus, I would add anti-tamper features so that removing the virus would also trash the system. The virus could encrypt selected parts of the hard drive and decrypt them on-the-fly when the operating system accessed those sections of the hard drive.
Mea navis aericumbens anguillis abundat
From Microsoft:
Note Windows 98, Windows 98 Second Edition (SE), and Windows 95 also are not affected by this issue. However, these products are no longer supported. Users of these products are strongly encouraged to upgrade to later versions.
WTF? How this translates to me - "If your computer is immune from these new strains of virii you are strongly encouraged to make it vulnerable."
Other way around, son. US business is so hopelessly dependent on cheap Chinese labour and just in time manufacturing that there'd be chaos if China was embargoed.
Typical. Pre-announcing vaporware just to hurt competitors' sales.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
constantly improving
Over the long haul, yes.
But there were some points of tension when the U.S. cruddy intelligence led to the mistaken bombing of the Chinese embassy in Belgrade, and when a U.S. spyplane flying off the coast made an emergency landing on a Chinese island.
Meanwhile, the government there is learning that it can divert attention from inconvenient issues (like corruption between the military and industry, lack of an open democratic process) by exploiting nationalistic sentiment (We vs They).
This is in the same grand tradition that is done in the United States and in Russia, so the rest of the world can feel safe knowing that all 3 of the largest nuclear superpowers are populated by emotional peasants.
"Provided by the management for your protection."
I've already been getting emails for 3 days with crap from 'Microsoft' and people sending me the patches in .exe form... like I'd trust that.
:P.
But thankfully, I run FreeBSD and don't have to deal with that crap. Just the email overflow
www.sitetronics.com/wordpress
Worms today all have limited vision in what they can do and a greedy philosophy which results in limiting their possible damage.
I'm one of the good guys, but I can certainly see the potential that an evil genius can do. Please read these two papers and get a idea of what is possibly coming.
Warhol Worms
Curious Yellow
Revolutions are never about freedom or justice. They're about who's going to be top dog. -- Kilgore Trout
So, was it perjury or treason? You decide.
Either way it's not a set of ethics that would induce me to resume business with them ... ever.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.